CVE-2023-27199: PAX-Paydroid-Advisories/advisories/2023/CVEs/CVE-2023-27199.md at master · wr3nchsr/PAX-Paydroid-Advisories
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.
Authorization Checks Bypass and Privilege Escalation With LD_PRELOAD
The PAX A930 device running PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows an attacker to compile a malicious shared library and load it with LD_PRELOAD to bypass authorization checks enforced by functions exported by shared libraries, and/or to gain root access by force-calling an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.
CVE ID: CVE-2023-27199
Vendor: PAX Technology
Product: PAX A930
Version: PayDroid_7.1.1_Virgo_V04.5.02_20220722
CVSS Score: 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Category: CWE-749: Exposed Dangerous Method or Function
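
For detection of the LD_PRELOAD use described above, the following added example (not part of the advisory or the vendor's code) scans procfs-style `environ` files for LD_PRELOAD entries that fall outside a trusted-directory allowlist. The allowlist, the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes whose LD_PRELOAD names
# a library outside an allowlist. TRUSTED_DIRS is an assumed, illustrative list.
TRUSTED_DIRS="/system/lib /system/lib64 /vendor/lib /vendor/lib64"

# is_trusted PATH: succeeds only for an absolute, traversal-free path that
# lies under one of TRUSTED_DIRS.
is_trusted() {
    case "$1" in
        */../*|*/..|*/./*) return 1 ;;
        /*) ;;
        *) return 1 ;;
    esac
    for d in $TRUSTED_DIRS; do
        case "$1" in "$d"/*) return 0 ;; esac
    done
    return 1
}

# scan_preload PROC_ROOT: prints "pid<TAB>library" for every untrusted entry.
scan_preload() {
    for env_file in "$1"/[0-9]*/environ; do
        [ -r "$env_file" ] || continue
        pid=${env_file%/environ}; pid=${pid##*/}
        # environ is NUL-separated; LD_PRELOAD entries are split on ':' or ' '.
        tr '\000' '\n' < "$env_file" | sed -n 's/^LD_PRELOAD=//p' |
        tr ': ' '\n\n' | while IFS= read -r lib; do
            [ -n "$lib" ] || continue
            is_trusted "$lib" || printf '%s\t%s\n' "$pid" "$lib"
        done
    done
}

# make_sample_proc DIR: builds a constructed procfs-like tree for offline runs.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    printf 'PATH=/system/bin\000' > "$1/101/environ"
    printf 'PATH=/system/bin\000LD_PRELOAD=/data/local/tmp/libhook.so\000' > "$1/202/environ"
    printf 'LD_PRELOAD=/system/lib64/libfoo.so:/sdcard/x.so\000' > "$1/303/environ"
}

# Stand-alone run: scan the real /proc (needs permission to read environ files).
if [ "${1:-}" = "--scan" ]; then scan_preload /proc; fi
```

The `environ` file reflects the environment a process was started with, so the scan covers preloads set from a shell session, which is the access the advisory assumes.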