CVE-2018-17496

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ibmCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/C:H/AC:L/I:H/A:H/PR:N/AV:L/S:U/UI:N/RC:C/RL:O/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
thresholdsecurityevisitorpass
1.5.5.2
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/149656
https://exchange.xforce.ibmcloud.com/vulnerabilities/149656