← back
CVE-2023-42133

CVE-2023-42133

CVSS 6.7 MEDIUMEPSS 0.2%CWE-276
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
11 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
PAX · POS terminals

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.stmcyber.com/pax-pos-cves-2023/https://cert.pl/en/posts/2024/10/CVE-2023-42133https://cert.pl/posts/2024/10/CVE-2023-42133https://ppn.paxengine.com/release/development?