PT-2024-15739 · Lamassu · Lamassu Bitcoin Atm Douro

Gabriel González · Published 2024-01-30 · Updated 2024-02-08 · CVE-2024-0675

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Lamassu Bitcoin ATM Douro version 7.1

Description

The issue is related to improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines. This could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying X Window interface, and execute arbitrary commands as an unprivileged user.

Recommendations

For version 7.1, consider restricting physical access to the ATM to minimize the risk of exploitation. As a temporary workaround, disabling access to the underlying X Window interface could help mitigate the issue until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2024-0675

Affected Products

Lamassu Bitcoin Atm Douro