Vulnerabilities > CVE-2017-5634 - Exposure of Resource to Wrong Sphere vulnerability in Norwegian-Air Norwegian AIR Kiosk

CVSS 6.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

norwegian-air

CWE-668

NVD

Published: 2017-02-09

Updated: 2019-10-03

Summary

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.

Vulnerable Configurations

Part	Description	Count
Application	Norwegian-Air Norwegian AIR Norwegian AIR Kiosk -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://www.youtube.com/watch?v=WSQW0ipnXQg
https://www.youtube.com/watch?v=2j9gP5Qu2WA
https://bugemot.com/bug/190
http://www.securityfocus.com/bid/96230