Vulnerability Details : CVE-2023-27199
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.
Products affected by CVE-2023-27199
- cpe:2.3:o:paxtechnology:pax_a930_firmware:paydroid_7.1.1_virgo_v04.5.02_20220722:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-27199
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-27199
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
CWE ids for CVE-2023-27199
-
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-27199
-
https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2023/
PAX Paydroid Vulnerabilities Advisory 2023 - wr3nchsr
-
https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/CVEs/CVE-2023-27199.md
PAX-Paydroid-Advisories/advisories/2023/CVEs/CVE-2023-27199.md at master · wr3nchsr/PAX-Paydroid-Advisories · GitHubThird Party Advisory
Jump to