PT-2023-21000 · Pax Technology · Pax Technology A930 Paydroid

Saif Aziz +1 · Published 2023-07-05 · Updated 2024-12-04 · CVE-2023-27199

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PAX Technology A930 PayDroid version 7.1.1 Virgo V04.5.02 20220722

Description

The issue allows attackers to compile a malicious shared library and load it through the LD_PRELOAD environment variable in order to bypass authorization checks.

Recommendations

For PAX Technology A930 PayDroid version 7.1.1 Virgo V04.5.02 20220722, consider restricting the use of the LD_PRELOAD environment variable to minimize the risk of exploitation. Additionally, monitor for any suspicious library loading activity to detect potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
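
One way to carry out the monitoring recommended above, as an added example that is not part of the original advisory or any PAX tooling: it reads each process's start-up environment from /proc and reports LD_PRELOAD entries that resolve outside read-only system library directories. The allow-list of directories, the function names and the sample blobs are assumptions made for illustration.

```python
import os
import posixpath

# Assumption: read-only system library locations on an Android-based image.
# Adjust this allow-list to the device build being monitored.
TRUSTED_PREFIXES = ("/system/lib/", "/system/lib64/",
                    "/vendor/lib/", "/vendor/lib64/", "/apex/")

def preload_entries(environ_blob):
    """Library paths named by LD_PRELOAD in a /proc/<pid>/environ blob."""
    paths = []
    for item in environ_blob.split(b"\0"):
        name, sep, value = item.partition(b"=")
        if sep and name == b"LD_PRELOAD":
            # The dynamic linker splits the value on ':' and on spaces.
            text = value.decode("utf-8", "replace")
            paths.extend(text.replace(":", " ").split())
    return paths

def is_trusted(path):
    """True only for absolute paths that stay inside the allow-list."""
    # normpath collapses '..' so a traversal out of /system is not trusted.
    return posixpath.normpath(path).startswith(TRUSTED_PREFIXES)

def untrusted_preloads(environ_blob):
    return [p for p in preload_entries(environ_blob) if not is_trusted(p)]

def scan_proc(proc_root="/proc"):
    """Return (pid, path) for every process started with an untrusted preload."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "environ"), "rb") as fh:
                blob = fh.read()
        except OSError:
            continue  # process exited, or its environ is not readable
        findings.extend((int(pid), p) for p in untrusted_preloads(blob))
    return sorted(findings)

# Constructed sample environment blocks (not captured from a device).
SAMPLE_CLEAN = b"PATH=/system/bin\0LD_PRELOAD=/system/lib64/libfoo.so\0"
SAMPLE_FLAGGED = (b"PATH=/system/bin\0"
                  b"LD_PRELOAD=/data/local/tmp/libhook.so:/system/lib/../../sdcard/x.so\0")

if __name__ == "__main__":
    for pid, path in scan_proc():
        print(f"pid {pid}: LD_PRELOAD loads {path}")
```

Reading other processes' environ files needs sufficient privilege on the device, and the check only covers libraries requested through the environment variable.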

Exploit

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2023-27199

Affected Products

Pax Technology A930 Paydroid