CVE-2023-42137 - OpenCVE

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Paxtechnology	D190 A920 A800 A920 Pro A6650 Paydroid A920 Max A50 A77

Configuration 1 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a6650:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a800:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a77:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a920_max:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:d190:-:*:*:*:*:*:*:*

References

Link	Resource
https://blog.stmcyber.com/pax-pos-cves-2023/	Exploit Third Party Advisory
https://cert.pl/en/posts/2024/01/CVE-2023-4818/	Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-4818/	Third Party Advisory
https://ppn.paxengine.com/release/development	Permissions Required

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-15T13:28:59.106Z

Updated: 2024-01-15T13:28:59.106Z

Reserved: 2023-09-07T13:17:57.372Z

Link: CVE-2023-42137

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-15T14:15:24.900

Modified: 2024-01-19T16:21:06.650

Link: CVE-2023-42137

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-42137", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-09-07T13:17:57.372Z", "datePublished": "2024-01-15T13:28:59.106Z", "dateUpdated": "2024-01-15T13:28:59.106Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Android"], "product": "POS terminals", "vendor": "PAX Technology", "versions": [{"lessThanOrEqual": "11.1.50_20230614", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Jasudowicz, Adam Kli\u015b and other members of STM Cyber R&D team"}], "datePublic": "2024-01-15T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.</div><div><br></div><div>The attacker must have shell access to the device in order to exploit this vulnerability. <br></div>"}], "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability. \n\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-15T13:28:59.106Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://ppn.paxengine.com/release/development"}, {"tags": ["technical-description"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C020172-6E0C-4265-B4C9-ED93C84FE8AA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a800:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFCD5218-5AA0-4086-926C-3EAEE1E43136", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a77:-:*:*:*:*:*:*:*", "matchCriteriaId": "0390BD9D-1FF7-456E-9394-34F009DE82CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:*", "matchCriteriaId": "D351F870-D43F-48B4-B2AC-0FDDD7B82ED4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a920_max:-:*:*:*:*:*:*:*", "matchCriteriaId": "8612B592-DFE4-4B66-B24D-71EEA747FAA2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:d190:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB9483F8-5201-4F31-9F9A-F00A48C4C972", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability. \n\n\n"}, {"lang": "es", "value": "Los dispositivos POS PAX basados en Android con PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 o anterior pueden permitir la ejecuci\u00f3n de comandos con altos privilegios mediante el uso de enlaces simb\u00f3licos maliciosos. El atacante debe tener acceso de shell al dispositivo para poder aprovechar esta vulnerabilidad."}], "id": "CVE-2023-42137", "lastModified": "2024-01-19T16:21:06.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2024-01-15T14:15:24.900", "references": [{"source": "cvd@cert.pl", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}, {"source": "cvd@cert.pl", "tags": ["Permissions Required"], "url": "https://ppn.paxengine.com/release/development"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "cvd@cert.pl", "type": "Secondary"}]}