PT-2024-27501 · Microsoft+1 · Windows Os+1

Martin Schobert +1 · Published 2024-06-06 · Updated 2024-07-03 · CVE-2024-37364

CVSS v3.1: 6.8 Medium

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ariane Allegro Scenario Player through 2024-03-05

Description: The issue allows physically proximate attackers to obtain sensitive information, such as hotel invoice content with personally identifiable information (PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then accessing the underlying Windows OS. This affects the Ariane Duo kiosk mode. The vulnerability exposes the personal data of hotel guests, posing a significant risk to privacy. It is estimated that over 3,000 hotels are affected.

Recommendations: For Ariane Allegro Scenario Player through 2024-03-05, update the software to a version released after 2024-03-05 to prevent unauthorized access to sensitive information. As a temporary workaround, consider restricting access to the kiosk mode until a patch is available. Ensure the software is updated, monitor kiosks, and segment networks to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2024-37364

Affected Products: Ariane Allegro Scenario Player, Windows Os