CVE-2023-42133

MEDIUM Year: 2023
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.

Related Vulnerabilities

CVE-2019-14510

MEDIUM
CVSS:6.7(Medium)

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server ...

CWE-2762019

CVE-2019-14718

MEDIUM
CVSS:6.7(Medium)

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

CWE-2762019

CVE-2020-0122

MEDIUM
CVSS:6.7(Medium)

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of pri...

CWE-2762020

CVE-2020-25593

MEDIUM
CVSS:6.7(Medium)

Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

CWE-2762020

CVE-2020-29489

MEDIUM
CVSS:6.7(Medium)

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password ...

CWE-2762020

CVE-2020-8701

MEDIUM
CVSS:6.7(Medium)

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-2762020