CVE-2017-5634 - The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to

CVE-2017-5634

Summary

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.

References

http://www.securityfocus.com/bid/96230
https://bugemot.com/bug/190
https://www.youtube.com/watch?v=2j9gP5Qu2WA
https://www.youtube.com/watch?v=WSQW0ipnXQg

Vulnerable Configurations

cpe:2.3:a:norwegian-air:norwegian_air_kiosk:-:*:*:*:*:*:*:*
cpe:2.3:a:norwegian-air:norwegian_air_kiosk:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-668

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	96230
misc	https://bugemot.com/bug/190 https://www.youtube.com/watch?v=2j9gP5Qu2WA https://www.youtube.com/watch?v=WSQW0ipnXQg

Last major update

03-10-2019 - 00:03

Published

09-02-2017 - 16:59

Last modified

03-10-2019 - 00:03