CVE-2024-0674

Опубликовано: 30 янв. 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 7.8

EPSS Низкий

Описание

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-269

CWE-281

Связанные уязвимости

GHSA-54p6-86fq-2pg8

CVSS3: 6.3

github

около 2 лет назад

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-269

CWE-281