Lucene search

[email protected]NVD:CVE-2022-26579

HistoryDec 16, 2022 - 10:15 p.m.

CVE-2022-26579

2022-12-1622:15:08

CWE-345

[email protected]

web.nvd.nist.gov

pax a930

paydroid 7.1.1 virgo

root privileged attacker

unsigned packages

shell access

root privileges

vulnerability

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability.

Affected configurations

NVD

Node

paxtechnologya930Match-

AND

paxtechnologypaydroidMatch7.1.1_virgo_v04.3.26t1_20210419

References

cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c

github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2022/CVEs/CVE-2022-26579.md

wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2022/

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-26579

cve1 cvelist1 prion1