CVE-2018-17486
low-risk
Published 2019-03-21
Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.9/10
Low
LOCAL
/ HIGH complexity
Affected Products (1)
Lobby Track
Affected Vendors
References (2)
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/149646
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/149646
13
/ 100
low-risk
Severity
8/34 · Low
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal