CVE-2023-42135 - OpenCVE

PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paxtechnology	A50 A920 Pro Paydroid

Configuration 1 [-]

AND

cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.stmcyber.com/pax-pos-cves-2023/
https://cert.pl/en/posts/2024/01/CVE-2023-4818/
https://cert.pl/posts/2024/01/CVE-2023-4818/
https://ppn.paxengine.com/release/development

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-15T13:28:55.478Z

Updated: 2024-08-02T19:16:50.611Z

Reserved: 2023-09-07T13:17:57.372Z

Link: CVE-2023-42135

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-15T14:15:24.413

Modified: 2024-01-19T15:47:29.607

Link: CVE-2023-42135

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42135", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-09-07T13:17:57.372Z", "datePublished": "2024-01-15T13:28:55.478Z", "dateUpdated": "2024-08-02T19:16:50.611Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "A920 Pro", "vendor": "PAX Technology", "versions": [{"lessThanOrEqual": "11.1.50_20230614", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "A50", "vendor": "PAX Technology", "versions": [{"lessThanOrEqual": "11.1.50_20230614", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Jasudowicz, Adam Kli\u015b and other members of STM Cyber R&D team"}], "datePublic": "2024-01-15T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. <br></div><div><br></div>The attacker must have physical USB access to the device in order to exploit this vulnerability."}], "value": "PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. \n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-15T13:45:01.681Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://ppn.paxengine.com/release/development"}, {"tags": ["technical-description"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:16:50.611Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://ppn.paxengine.com/release/development"}, {"tags": ["technical-description", "x_transferred"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8", "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. \n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability."}, {"lang": "es", "value": "Los dispositivos PAX A920Pro/A50 con PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 o anterior pueden permitir la ejecuci\u00f3n de c\u00f3digo local mediante inyecci\u00f3n de par\u00e1metros al omitir la validaci\u00f3n de entrada al actualizar una partici\u00f3n espec\u00edfica. El atacante debe tener acceso USB f\u00edsico al dispositivo para poder aprovechar esta vulnerabilidad."}], "id": "CVE-2023-42135", "lastModified": "2024-01-19T15:47:29.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2024-01-15T14:15:24.413", "references": [{"source": "cvd@cert.pl", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}, {"source": "cvd@cert.pl", "tags": ["Permissions Required"], "url": "https://ppn.paxengine.com/release/development"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "cvd@cert.pl", "type": "Secondary"}]}