Описание
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:norwegian-air:norwegian_air_kiosk:-:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.0006
Низкий
6.6 Medium
CVSS3
7.2 High
CVSS2
Дефекты
CWE-668
Связанные уязвимости
CVSS3: 6.6
github
больше 3 лет назад
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
EPSS
Процентиль: 19%
0.0006
Низкий
6.6 Medium
CVSS3
7.2 High
CVSS2
Дефекты
CWE-668