CVE-2018-17486

EUVD-2018-9239
Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.9 LOW
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
ibmCNA
2.9 LOW
LOCAL
HIGH
NONE
CVSS:3.0/C:N/AC:H/I:L/AV:L/PR:N/A:N/UI:N/S:U/RC:R/RL:U/E:U
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
jollytechlobby_track
8.2.186
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/149646
https://exchange.xforce.ibmcloud.com/vulnerabilities/149646