CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-0674

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.3%

CVSS Severity

CVSS v3 Score 6.3

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines

Products affected by CVE-2024-0674

Lamassu » Douro » Version: N/A

cpe:2.3:h:lamassu:douro:-
Lamassu » Douro Ii » Version: N/A

cpe:2.3:h:lamassu:douro_ii:-
Lamassu » Douro Firmware » Version: 7.1

cpe:2.3:o:lamassu:douro_firmware:7.1
Lamassu » Douro Ii Firmware » Version: 7.1

cpe:2.3:o:lamassu:douro_ii_firmware:7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-0674

Products

Pricing

Contact Us