Lucene search

[email protected]CVE-2023-27197

HistoryJul 05, 2023 - 8:15 p.m.

CVE-2023-27197

2023-07-0520:15:10

[email protected]

web.nvd.nist.gov

pax a930

cve-2023-27197

paydroid

root access

vulnerability

nvd

security

exploit

shared library

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.

Affected configurations

NVD

Node

paxtechnologypax_a930_firmwareMatchpaydroid_7.1.1_virgo_v04.5.02_20220722

AND

paxtechnologypax_a930Match-

CPENameOperatorVersion
paxtechnology:pax_a930_firmwarepaxtechnology pax a930 firmwareeqpaydroid_7.1.1_virgo_v04.5.02_20220722

CPE	Name	Operator	Version
paxtechnology:pax_a930_firmware	paxtechnology pax a930 firmware	eq	paydroid_7.1.1_virgo_v04.5.02_20220722

References

github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/CVEs/CVE-2023-27197.md

wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2023/

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-27197

cvelist1 nvd1 prion1