admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-421xx/CVE-2023-42137.json
cad-safe-bot bdc74a7bb4 Auto-Update: 2024-10-10T18:00:18.882198+00:00
2024-10-10 18:03:19 +00:00

341 lines
9.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-42137",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-15T14:15:24.900",
"lastModified": "2024-10-10T16:15:06.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Los dispositivos POS PAX basados en Android con PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 o anterior pueden permitir la ejecuci\u00f3n de comandos con altos privilegios mediante el uso de enlaces simb\u00f3licos maliciosos. El atacante debe tener acceso de shell al dispositivo para poder aprovechar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614",
"matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paxtechnology:a6650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C020172-6E0C-4265-B4C9-ED93C84FE8AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614",
"matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paxtechnology:a800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCD5218-5AA0-4086-926C-3EAEE1E43136"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614",
"matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paxtechnology:a77:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0390BD9D-1FF7-456E-9394-34F009DE82CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614",
"matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D351F870-D43F-48B4-B2AC-0FDDD7B82ED4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614",
"matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614",
"matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614",
"matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paxtechnology:a920_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8612B592-DFE4-4B66-B24D-71EEA747FAA2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614",
"matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:paxtechnology:d190:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9483F8-5201-4F31-9F9A-F00A48C4C972"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.stmcyber.com/pax-pos-cves-2023/",
"source": "cvd@cert.pl",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/",
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-4818/",
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://ppn.paxengine.com/release/development",
"source": "cvd@cert.pl",
"tags": [
"Permissions Required"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink