Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2024-01-30T12:19:00.674Z
Updated: 2024-08-01T18:11:35.674Z
Reserved: 2024-01-18T11:38:15.095Z
Link: CVE-2024-0674
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-30T13:15:08.330
Modified: 2024-11-21T08:47:07.360
Link: CVE-2024-0674
Redhat
No data.