{"id": "CVE-2024-0674", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.4}]}, "published": "2024-01-30T13:15:08.330", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-281"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. 
This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js."}, {"lang": "es", "value": "Vulnerabilidad de escalada de privilegios en m\u00e1quinas Lamassu Bitcoin ATM Douro, en su versi\u00f3n 7.1, que podr\u00eda permitir a un usuario local adquirir permisos root modificando el updatescript.js, insertando un c\u00f3digo especial dentro del script y creando el archivo done.txt. Esto har\u00eda que el proceso de vigilancia se ejecutara como root y ejecutara el payload almacenado en updatescript.js."}], "lastModified": "2024-02-08T16:39:59.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A91DE83C-3B58-41AA-BD7E-3894617B9740"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "827786B5-C5F1-4F98-95EC-DCF681683ECA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3355BA32-76B3-4245-9C31-1F778B7D1848"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14DA65BF-520F-415F-8A4C-CF06DDCC147C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}