CVE-2023-42137

Published Jan 15, 2024

Last updated 6 months ago

CVSS high 7.8

Overview

Description: PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.
Source: cvd@cert.pl
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

cvd@cert.pl: CWE-59
nvd@nist.gov: CWE-59

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8",
            "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8",
            "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paxtechnology:a6650:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8C020172-6E0C-4265-B4C9-ED93C84FE8AA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8",
            "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paxtechnology:a800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AFCD5218-5AA0-4086-926C-3EAEE1E43136"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8",
            "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paxtechnology:a77:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0390BD9D-1FF7-456E-9394-34F009DE82CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8",
            "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D351F870-D43F-48B4-B2AC-0FDDD7B82ED4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8",
            "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8",
            "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paxtechnology:a920_max:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8612B592-DFE4-4B66-B24D-71EEA747FAA2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8",
            "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paxtechnology:d190:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB9483F8-5201-4F31-9F9A-F00A48C4C972"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References