Lucene search

[email protected]NVD:CVE-2023-26980

HistoryApr 14, 2023 - 1:15 p.m.

CVE-2023-26980

2023-04-1413:15:07

CWE-362

[email protected]

web.nvd.nist.gov

pax technology

race condition

bypass payment software

force os boot

android

vendor dispute

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications.

Affected configurations

Nvd

Node

paxpaydroidMatch8.1

AND

paxa920_proMatch-

VendorProductVersionCPE
paxpaydroid8.1cpe:2.3:a:pax:paydroid:8.1:*:*:*:*:*:*:*
paxa920_pro-cpe:2.3:h:pax:a920_pro:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pax	paydroid	8.1	cpe:2.3:a:pax:paydroid:8.1:::::::*
pax	a920_pro	-	cpe:2.3:h:pax:a920_pro:-:::::::*

References

docs.google.com/document/d/189b1494s8RF8ksaOijKhKb-3B8gj3pLUmgn0dqg-jqs/edit

drive.google.com/drive/u/0/folders/14X-XTYhkiaIVBS3zf68VigG4-imbKEuV

uploads.strikinglycdn.com/files/f1d54bf4-3803-480c-b4d3-0943f7dac76e/A920_EN_20200605.pdf?id=237392

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-26980

prion1 cve1 vulnrichment1 cvelist1