PatchSiren


CVE-2017-5634 Norwegian Air CVE debrief

CVE-2017-5634 is a medium-severity kiosk vulnerability affecting the Norwegian Air Shuttle kiosk environment. According to the CVE description, a physically proximate attacker can bypass the intended “Please select booking identification” step by using the touchscreen print icon to manipulate the print dialog, then gain administrative privileges and network access on the underlying Windows OS. NVD assigns CVSS 3.0 6.6 (AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting that the attack requires physical access to the kiosk rather than being remotely reachable, but still has high impact once the kiosk is reached.

Vendor: Norwegian Air
Product: CVE-2017-5634
CVSS: MEDIUM 6.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-09
Original CVE updated: 2026-05-13
Advisory published: 2017-02-09
Advisory updated: 2026-05-13

Who should care

Airport and airline kiosk operators, endpoint and kiosk management teams, physical security teams responsible for public terminals, and defenders who monitor Windows-based kiosks exposed to untrusted users.

Technical summary

NVD classifies the issue under CWE-668 and lists the vulnerable CPE as cpe:2.3:a:norwegian-air:norwegian_air_kiosk:-:*:*:*:*:*:*:*. The attack path described in the CVE requires physical proximity and uses a touchscreen print icon/print dialog interaction to bypass a UI gate. Because the result is administrative access and network access on the kiosk’s Windows host, the practical risk is highest where kiosks are publicly accessible or insufficiently supervised.

Defensive priority

Medium overall; elevated priority for any publicly accessible kiosk or shared terminal that remains physically reachable by untrusted users.

Recommended defensive actions

  • Restrict physical access to kiosk terminals and ensure they cannot be manipulated by nearby users without supervision.
  • Review kiosk hardening to remove or lock down print functionality, dialog access, and any UI paths that can escape the intended application flow.
  • Apply application allowlisting, least privilege, and endpoint lockdown controls so kiosk users cannot obtain administrative access from the UI.
  • Segment kiosk network access so compromise of a kiosk does not provide broad internal network reach.
  • Validate kiosk configurations against the vulnerable Norwegian Air kiosk CPE shown in NVD and inventory any similar Windows-based public terminals.
  • Monitor for unexpected local UI interaction patterns, print-dialog launches, and privilege escalation attempts on kiosk endpoints.

Evidence notes

All claims here are limited to the supplied CVE/NVD metadata and the linked reference list. The CVE description states the physical-proximity print-dialog bypass and resulting admin/network access on the underlying Windows OS. NVD provides the CVSS vector (AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), the CWE-668 classification, and the vulnerable kiosk CPE. No vendor bulletin or remediation advisory was included in the supplied corpus.

Official resources

CVE published 2017-02-09 and last modified 2026-05-13 in the supplied NVD metadata. No KEV entry was provided in the supplied data.