CVE-2017-5634
MEDIUMNorwegian Air Kiosk - Unauthenticated Privilege Escalation via Print Dialog Manipulation
Title source: llmDescription
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=2j9gP5Qu2WA
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96230
Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=WSQW0ipnXQg
Third Party Advisory x_refsource_misc
https://bugemot.com/bug/190
Scores
CVSS v3
6.6
EPSS
0.0042
EPSS Percentile
33.6%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-668
Status
published
Products (1)
norwegian-air/norwegian_air_kiosk
Published
Feb 09, 2017
Tracked Since
Feb 18, 2026