CVE-2017-5634 — MEDIUM (6.6)

Vulnerability Description

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.

CVSS Score

6.6

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Norwegian-Air	Norwegian Air Kiosk	-

Related Weaknesses (CWE)

CWE-668

References

http://www.securityfocus.com/bid/96230
https://bugemot.com/bug/190Third Party Advisory
https://www.youtube.com/watch?v=2j9gP5Qu2WAThird Party Advisory
https://www.youtube.com/watch?v=WSQW0ipnXQgThird Party Advisory
http://www.securityfocus.com/bid/96230
https://bugemot.com/bug/190Third Party Advisory
https://www.youtube.com/watch?v=2j9gP5Qu2WAThird Party Advisory
https://www.youtube.com/watch?v=WSQW0ipnXQgThird Party Advisory

FAQ

What is CVE-2017-5634?

CVE-2017-5634 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privi...

How severe is CVE-2017-5634?

CVE-2017-5634 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5634?

Check the references section above for vendor advisories and patch information. Affected products include: Norwegian-Air Norwegian Air Kiosk.