The Hacker News (THN:CDFB3A384348E63D7E4E3E637028F465)
Jan 17, 2024 - 1:51 p.m.

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

thehackernews.com

AI Score: 8.7 (Confidence: Low)

EPSS: 0.001 (Percentile: 26.7%)


The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code.

The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for privilege escalation and local code execution from the bootloader.


Details about one of the vulnerabilities (CVE-2023-42133) are currently being withheld. The other flaws are listed below:

  • CVE-2023-42134 & CVE-2023-42135 (CVSS score: 7.6) - Local code execution as root via kernel parameter injection in fastboot (Impacts PAX A920Pro/PAX A50)
  • CVE-2023-42136 (CVSS score: 8.8) - Privilege escalation from any user/application to system user via shell injection in a binder-exposed service (Impacts All Android-based PAX PoS devices)
  • CVE-2023-42137 (CVSS score: 8.8) - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon (Impacts All Android-based PAX PoS devices)
  • CVE-2023-4818 (CVSS score: 7.3) - Bootloader downgrade via improper tokenization (Impacts PAX A920)

Successful exploitation of the aforementioned weaknesses could permit an attacker to elevate their privileges to root and bypass sandboxing protections, effectively gaining carte blanche access to perform any operation.


This includes interfering with the payment operations to “modify data the merchant application sends to the [Secure Processor], which includes transaction amount,” security researchers Adam Kliś and Hubert Jasudowicz said.

It’s worth mentioning that exploiting CVE-2023-42136 and CVE-2023-42137 requires an attacker to have shell access to the device, while the remaining three necessitate that the threat actor has physical USB access to it.

The Warsaw-based penetration testing company said it responsibly disclosed the flaws to PAX Technology in early May 2023, following which patches were released by the latter in November 2023.
