PT-2023-21000 · Pax Technology · Pax Technology A930 Paydroid

Saif Aziz +1 · Published 2023-07-05 · Updated 2024-12-04 · CVE-2023-27199

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PAX Technology A930 PayDroid version 7.1.1 Virgo V04.5.02 20220722

Description

The issue allows attackers to compile a malicious shared library and load it through the LD_PRELOAD environment variable to bypass authorization checks.

Recommendations

For PAX Technology A930 PayDroid version 7.1.1 Virgo V04.5.02 20220722, consider restricting the use of the LD_PRELOAD environment variable to minimize the risk of exploitation. Additionally, monitor for any suspicious library loading activity to detect potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2023-27199

Affected Products

Pax Technology A930 Paydroid