Vulnerabilities > CVE-2017-5634 - Exposure of Resource to Wrong Sphere vulnerability in Norwegian-Air Norwegian AIR Kiosk

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
norwegian-air
CWE-668

Summary

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.

Vulnerable Configurations

Part Description Count
Application
Norwegian-Air
1

Common Weakness Enumeration (CWE)