CVE-2023-42133 MEDIUM

CVE-2023-42133

Vendor Pax
Product POS terminals
Weakness CWE-276
Published October 11, 2024
Last update October 11, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.

Key dates

02Disclosure timeline

October 11, 2024 CVE published
October 11, 2024 Record updated