Lucene search

MitreCVE-2023-27197

HistoryJul 05, 2023 - 8:15 p.m.

CVE-2023-27197

2023-07-0520:15:10

mitre

web.nvd.nist.gov

pax a930

cve-2023-27197

paydroid

root access

vulnerability

nvd

security

exploit

shared library

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.

Affected configurations

Nvd

Node

paxtechnologypax_a930_firmwareMatchpaydroid_7.1.1_virgo_v04.5.02_20220722

AND

paxtechnologypax_a930Match-

VendorProductVersionCPE
paxtechnologypax_a930_firmwarepaydroid_7.1.1_virgo_v04.5.02_20220722cpe:2.3:o:paxtechnology:pax_a930_firmware:paydroid_7.1.1_virgo_v04.5.02_20220722:*:*:*:*:*:*:*
paxtechnologypax_a930-cpe:2.3:h:paxtechnology:pax_a930:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
paxtechnology	pax_a930_firmware	paydroid_7.1.1_virgo_v04.5.02_20220722	cpe:2.3:o:paxtechnology:pax_a930_firmware:paydroid_7.1.1_virgo_v04.5.02_20220722:::::::*
paxtechnology	pax_a930	-	cpe:2.3:h:paxtechnology:pax_a930:-:::::::*

References

github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/CVEs/CVE-2023-27197.md

wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2023/

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-27197