CVE-2023-42133

low-risk

Published 2024-10-11

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

References (4)

https://blog.stmcyber.com/pax-pos-cves-2023/

https://cert.pl/en/posts/2024/10/CVE-2023-42133

https://cert.pl/posts/2024/10/CVE-2023-42133

https://ppn.paxengine.com/release/development?

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal