CVE-2018-17496

EUVD-2018-9249
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ibmCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/C:H/AC:L/I:H/A:H/PR:N/AV:L/S:U/UI:N/RC:C/RL:O/E:U
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
thresholdsecurityevisitorpass
1.5.5.2
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/149656
https://exchange.xforce.ibmcloud.com/vulnerabilities/149656