Vulnerability in Norwegian Air Shuttle Kiosk Allows Unauthorized Administrative Access

Vulnerability in Norwegian Air Shuttle Kiosk Allows Unauthorized Administrative Access

CVE-2017-5634 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.

Learn more about our Cis Benchmark Audit For Apple Ios.