Vulnerabilities > Lamassu

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-30	CVE-2024-0674	Improper Preservation of Permissions vulnerability in Lamassu Douro Firmware and Douro II Firmware Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. local low complexity lamassu CWE-281	7.8
2024-01-30	CVE-2024-0675	Improper Check for Unusual or Exceptional Conditions vulnerability in Lamassu Douro Firmware and Douro II Firmware Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user. low complexity lamassu CWE-754	6.8
2024-01-30	CVE-2024-0676	Weak Password Requirements vulnerability in Lamassu Douro Firmware and Douro II Firmware Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack. local low complexity lamassu CWE-521	7.1

Vulnerabilities > Lamassu {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Lamassu"}]}