CVE-2023-27199

Опубликовано: 05 июл. 2023

Источник: nvd

CVSS3: 6.7

EPSS Низкий

Описание

PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.

Ссылки

https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/CVEs/CVE-2023-27199.md
Third Party Advisory
https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2023/
https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/CVEs/CVE-2023-27199.md
Third Party Advisory
https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2023/

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:paxtechnology:pax_a930_firmware:paydroid_7.1.1_virgo_v04.5.02_20220722:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:pax_a930:-:*:*:*:*:*:*:*

EPSS

Процентиль: 0%

0.00007

Низкий

6.7 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-290

Связанные уязвимости

GHSA-v46g-6fx7-cp78