Vulnerability Details CVE-2017-5634
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.9%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 7.2
References
- http://www.securityfocus.com/bid/96230
- https://bugemot.com/bug/190
- https://www.youtube.com/watch?v=2j9gP5Qu2WA
- https://www.youtube.com/watch?v=WSQW0ipnXQg
- http://www.securityfocus.com/bid/96230
- https://bugemot.com/bug/190
- https://www.youtube.com/watch?v=2j9gP5Qu2WA
- https://www.youtube.com/watch?v=WSQW0ipnXQg
Products affected by CVE-2017-5634
-
cpe:2.3:a:norwegian-air:norwegian_air_kiosk:-