Lucene search

[email protected]CVE-2023-26980

HistoryApr 14, 2023 - 1:15 p.m.

CVE-2023-26980

2023-04-1413:15:07

CWE-362

[email protected]

web.nvd.nist.gov

cve-2023-26980

pax technology

a920 pro

paydroid

race condition

vulnerability

os boot

android

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications.

Affected configurations

NVD

Node

paxpaydroidMatch8.1

AND

paxa920_proMatch-

CPENameOperatorVersion
pax:paydroidpax paydroideq8.1

CPE	Name	Operator	Version
pax:paydroid	pax paydroid	eq	8.1

References

docs.google.com/document/d/189b1494s8RF8ksaOijKhKb-3B8gj3pLUmgn0dqg-jqs/edit

drive.google.com/drive/u/0/folders/14X-XTYhkiaIVBS3zf68VigG4-imbKEuV

uploads.strikinglycdn.com/files/f1d54bf4-3803-480c-b4d3-0943f7dac76e/A920_EN_20200605.pdf?id=237392

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-26980

cvelist1 prion1 nvd1 vulnrichment1