CVE-2017-5634
low-risk
Published 2017-02-09
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.6/10
Medium
PHYSICAL
/ LOW complexity
Affected Products (1)
Norwegian Air Kiosk
Affected Vendors
References (8)
Third Party Advisory
https://bugemot.com/bug/190
Third Party Advisory
https://www.youtube.com/watch?v=2j9gP5Qu2WA
Third Party Advisory
https://www.youtube.com/watch?v=WSQW0ipnXQg
Third Party Advisory
https://bugemot.com/bug/190
Third Party Advisory
https://www.youtube.com/watch?v=2j9gP5Qu2WA
Third Party Advisory
https://www.youtube.com/watch?v=WSQW0ipnXQg
26
/ 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal