Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.
References
Link | Resource |
---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCIBE
Published: 2024-01-30T12:19:00.674Z
Updated: 2024-01-30T12:20:24.828Z
Reserved: 2024-01-18T11:38:15.095Z
Link: CVE-2024-0674
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-30T13:15:08.330
Modified: 2024-02-08T16:39:59.450
Link: CVE-2024-0674
JSON object: View
Redhat Information
No data.