CVE-2018-17486

Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.9 LOW
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
ibmCNA
2.9 LOW
LOCAL
HIGH
NONE
CVSS:3.0/C:N/AC:H/I:L/AV:L/PR:N/A:N/UI:N/S:U/RC:R/RL:U/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
jollytechlobby_track
8.2.186
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/149646
https://exchange.xforce.ibmcloud.com/vulnerabilities/149646