CVE-2024-0674 - OpenCVE

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lamassu	Douro Douro Firmware Douro Ii Douro Ii Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-01-30T12:19:00.674Z

Updated: 2024-08-01T18:11:35.674Z

Reserved: 2024-01-18T11:38:15.095Z

Link: CVE-2024-0674

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-30T13:15:08.330

Modified: 2024-02-08T16:39:59.450

Link: CVE-2024-0674

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0674", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2024-01-18T11:38:15.095Z", "datePublished": "2024-01-30T12:19:00.674Z", "dateUpdated": "2024-08-01T18:11:35.674Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bitcoin ATM Douro machines", "vendor": "Lamassu", "versions": [{"status": "affected", "version": "7.1"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gabriel Gonz\u00e1lez"}], "datePublic": "2024-01-18T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js."}], "value": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-01-30T12:20:24.828Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerabilities have been resolved in version 8.1.5-1 and 8.1.6."}], "value": "The vulnerabilities have been resolved in version 8.1.5-1 and 8.1.6."}], "source": {"discovery": "UNKNOWN"}, "title": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.674Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A91DE83C-3B58-41AA-BD7E-3894617B9740", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*", "matchCriteriaId": "827786B5-C5F1-4F98-95EC-DCF681683ECA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3355BA32-76B3-4245-9C31-1F778B7D1848", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*", "matchCriteriaId": "14DA65BF-520F-415F-8A4C-CF06DDCC147C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js."}, {"lang": "es", "value": "Vulnerabilidad de escalada de privilegios en m\u00e1quinas Lamassu Bitcoin ATM Douro, en su versi\u00f3n 7.1, que podr\u00eda permitir a un usuario local adquirir permisos root modificando el updatescript.js, insertando un c\u00f3digo especial dentro del script y creando el archivo done.txt. Esto har\u00eda que el proceso de vigilancia se ejecutara como root y ejecutarael payload almacenado en updatescript.js."}], "id": "CVE-2024-0674", "lastModified": "2024-02-08T16:39:59.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.4, "impactScore": 5.9, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2024-01-30T13:15:08.330", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}