CVE-2024-0675

Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*
cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*
cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*

History

08 Feb 2024, 16:39

Type Values Removed Values Added
First Time Lamassu douro Ii
Lamassu douro Ii Firmware
Lamassu
Lamassu douro Firmware
Lamassu douro
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines - Third Party Advisory
CPE cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*
cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*
cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*
cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*

30 Jan 2024, 14:18

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-30 13:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-0675

Mitre link : CVE-2024-0675

CVE.ORG link : CVE-2024-0675


JSON object : View

Products Affected

lamassu

  • douro_firmware
  • douro_ii
  • douro
  • douro_ii_firmware
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions