Vulnerability Details : CVE-2017-5634
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
Products affected by CVE-2017-5634
- cpe:2.3:a:norwegian-air:norwegian_air_kiosk:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5634
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 23%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5634
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
6.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.7 | 5.9 | NIST | |
CWE ids for CVE-2017-5634
- The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5634
- https://bugemot.com/bug/190
  Airline kiosk - BUG-190 - BUGemot (Third Party Advisory)
- http://www.securityfocus.com/bid/96230
  Norwegian Air Shuttle Airline Kiosk CVE-2017-5634 Authentication Bypass Vulnerability
- https://www.youtube.com/watch?v=WSQW0ipnXQg
  Norvegian - 02 - YouTube (Third Party Advisory)
- https://www.youtube.com/watch?v=2j9gP5Qu2WA
  Norvegian - 01 - YouTube (Third Party Advisory)