Microsoft · Windows OS · CVE-2024-37364
**Name of the Vulnerable Software and Affected Versions**
Ariane Allegro Scenario Player through 2024-03-05
**Description**
The issue allows physically proximate attackers to obtain sensitive information, such as hotel invoice content containing personally identifiable information (PII), and potentially to create unauthorized room keys, by entering a quote character in the guest search and then accessing the underlying Windows OS. It affects the Ariane Duo kiosk mode. Because the exposed information is the personal data of hotel guests, the vulnerability poses a significant risk to privacy. It is estimated that over 3,000 hotels are affected.
**Recommendations**
For Ariane Allegro Scenario Player through 2024-03-05, update the software to a version released after 2024-03-05 to prevent unauthorized access to sensitive information.
As a temporary workaround, consider restricting access to the kiosk mode until a patch is available.
Keep the software updated, monitor kiosks, and segment networks to minimize the risk of exploitation.