7.2

CVE-2017-5634

EPSS 0.06%
Veröffentlicht 09.02.2017 16:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Norwegian-air ≫ Norwegian Air Kiosk Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.157

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.6	0.7	5.9	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

http://www.securityfocus.com/bid/96230

https://bugemot.com/bug/190

Third Party Advisory

https://www.youtube.com/watch?v=2j9gP5Qu2WA

Third Party Advisory

https://www.youtube.com/watch?v=WSQW0ipnXQg

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-5634

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5634

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5634

EUVD