CVE-2018-17494

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ibmCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/I:H/AV:L/A:H/PR:N/UI:N/S:U/AC:L/C:H/E:U/RL:O/RC:C
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
thresholdsecurityevisitorpass
1.5.5.2
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/149654
https://exchange.xforce.ibmcloud.com/vulnerabilities/149654