CVE-2024-0674

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*

History

08 Feb 2024, 16:39

Type	Values Removed	Values Added
CPE		cpe:2.3:h:lamassu:douro:-:::::::* cpe:2.3:o:lamassu:douro_firmware:7.1:::::::* cpe:2.3:o:lamassu:douro_ii_firmware:7.1:::::::* cpe:2.3:h:lamassu:douro_ii:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~6.3~~	v2 : unknown v3 : 7.8
CWE		CWE-281
First Time		Lamassu douro Ii Firmware Lamassu douro Lamassu douro Ii Lamassu douro Firmware Lamassu
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines - Third Party Advisory

30 Jan 2024, 14:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-30 13:15

Updated : 2024-02-08 16:39

NVD link : CVE-2024-0674

Mitre link : CVE-2024-0674

CVE.ORG link : CVE-2024-0674

JSON object : View

Products Affected

lamassu

douro_firmware
douro_ii
douro_ii_firmware
douro

CWE

CWE-281

Improper Preservation of Permissions

CWE-269

Improper Privilege Management

{"id": "CVE-2024-0674", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.4}]}, "published": "2024-01-30T13:15:08.330", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-281"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js."}, {"lang": "es", "value": "Vulnerabilidad de escalada de privilegios en m\u00e1quinas Lamassu Bitcoin ATM Douro, en su versi\u00f3n 7.1, que podr\u00eda permitir a un usuario local adquirir permisos root modificando el updatescript.js, insertando un c\u00f3digo especial dentro del script y creando el archivo done.txt. Esto har\u00eda que el proceso de vigilancia se ejecutara como root y ejecutarael payload almacenado en updatescript.js."}], "lastModified": "2024-02-08T16:39:59.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A91DE83C-3B58-41AA-BD7E-3894617B9740"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "827786B5-C5F1-4F98-95EC-DCF681683ECA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3355BA32-76B3-4245-9C31-1F778B7D1848"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14DA65BF-520F-415F-8A4C-CF06DDCC147C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}