CVE-2024-0675

Опубликовано: 30 янв. 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 6.8

EPSS Низкий

Описание

Vulnerability of improper checking for unusual or exceptional conditions

in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,

the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00039

Низкий

6.3 Medium

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-754

Связанные уязвимости

GHSA-wfhp-x3v9-6957

CVSS3: 6.3

github

около 2 лет назад

Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.

EPSS

Процентиль: 12%

0.00039

Низкий

6.3 Medium

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-754