Vulnerabilities > CVE-2017-5634 - Exposure of Resource to Wrong Sphere vulnerability in Norwegian-Air Norwegian AIR Kiosk

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

norwegian-air

CWE-668

NVD

Published: 2017-02-09

Updated: 2019-10-03

Summary

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.

Vulnerable Configurations

Part	Description	Count
Application	Norwegian-Air Norwegian AIR Norwegian AIR Kiosk -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

http://www.securityfocus.com/bid/96230
https://bugemot.com/bug/190
https://www.youtube.com/watch?v=2j9gP5Qu2WA
https://www.youtube.com/watch?v=WSQW0ipnXQg