Vulnerabilities > CVE-2017-5634 - Exposure of Resource to Wrong Sphere vulnerability in Norwegian-Air Norwegian AIR Kiosk

047910
CVSS 6.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
norwegian-air
CWE-668

Summary

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.

Vulnerable Configurations

Part Description Count
Application
Norwegian-Air
1

Common Weakness Enumeration (CWE)