CVE-2024-37364 Information

Description

Ariane Allegro Scenario Player through 2024-03-05 when Ariane Duo kiosk mode is used allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII) and potentially create unauthorized room keys by entering a guest-search quote character and then accessing the underlying Windows OS.

Reference

https://www.pentagrid.ch/en/blog/ariane-allegro-hotel-check-in-terminal-kios-escape/ https://news.ycombinator.com/item?id=40582475