Vulnerability Details : CVE-2018-17486
Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.
Products affected by CVE-2018-17486
- cpe:2.3:a:jollytech:lobby_track:8.2.186:*:*:*:desktop:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-17486
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-17486
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:P |
3.9
|
4.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST | |
2.9
|
LOW | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
1.4
|
1.4
|
IBM Corporation |
References for CVE-2018-17486
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/149646
Lobby Track Desktop visitor records security bypass CVE-2018-17486 Vulnerability ReportVDB Entry;Third Party Advisory
Jump to