CVE-2018-18766

9.8 CRITICAL

📋 TL;DR

An elevation of privilege vulnerability in Provisio SiteKiosk's Call Dispatcher allows attackers to execute arbitrary code with SYSTEM privileges. This affects all SiteKiosk installations before version 9.7.4905, primarily impacting kiosk systems in public spaces like libraries, museums, and retail environments.

💻 Affected Systems

Products:
  • Provisio SiteKiosk
Versions: All versions before 9.7.4905
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: SiteKiosk is typically deployed on Windows-based kiosk systems in public environments with limited user privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with SYSTEM privileges, allowing installation of persistent malware, data theft, and lateral movement within the network.

🟠 Likely Case: Local privilege escalation leading to kiosk system takeover, potentially enabling unauthorized access to restricted applications or data on the kiosk device.

🟢 If Mitigated: Limited impact if proper application whitelisting and user privilege restrictions are implemented, though the vulnerability still exists.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the kiosk system. Exploitation details have been publicly disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.7.4905

Vendor Advisory: https://www.provisio.com/en-US/Downloads/VersionHistory.aspx?Product=SiteKiosk

Restart Required: Yes

Instructions:

1. Download SiteKiosk version 9.7.4905 or later from the Provisio website.
2. Run the installer on affected systems.
3. Restart the kiosk system to complete the installation.

🔧 Temporary Workarounds

Restrict Local Access (all platforms): Implement physical security controls to prevent unauthorized local access to kiosk systems.

Application Whitelisting (Windows): Configure Windows AppLocker or similar to restrict execution to approved applications only.

🧯 If You Can't Patch

  • Isolate kiosk systems on separate network segments with strict firewall rules
  • Implement regular system monitoring and anomaly detection for kiosk devices

🔍 How to Verify

Check if Vulnerable:

Check the SiteKiosk version in Help > About SiteKiosk. If the version is below 9.7.4905, the system is vulnerable.

Check Version:

Not applicable; check via the SiteKiosk GUI (Help > About).

Verify Fix Applied:

Verify that the version shown in Help > About SiteKiosk is 9.7.4905 or higher after the update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation events from SiteKiosk
  • Privilege escalation attempts in Windows Event Logs

Network Indicators:

  • Unexpected outbound connections from kiosk systems
  • Network traffic to suspicious destinations

SIEM Query:

EventID=4688 AND ProcessName LIKE '%SiteKiosk%' AND NewProcessName NOT IN (approved_process_list)
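A defender-side check that applies the query above to sample process-creation events, together with the version comparison from the verification section. This is an added example, not code from the advisory or from Provisio; the approved-process paths and the sample records are constructed, and the field names follow the standard Windows Security log 4688 fields.

```python
"""Added example (not from the advisory or Provisio): applies the advisory's
SIEM query to constructed Event ID 4688 records and checks a SiteKiosk
version string against the fixed release 9.7.4905."""
from dataclasses import dataclass

FIXED_VERSION = (9, 7, 4905)

# Child processes SiteKiosk is expected to launch on this kiosk. Constructed
# placeholder paths; populate from a known-good baseline of the real build.
APPROVED_PROCESSES = {
    r"C:\Program Files (x86)\SiteKiosk\SiteKiosk.exe",
    r"C:\Windows\System32\conhost.exe",
}

@dataclass
class Event4688:
    event_id: int
    creator_process: str  # CreatorProcessName (parent) field of the record
    new_process: str      # NewProcessName field of the record

def is_vulnerable_version(version: str) -> bool:
    """True when a dotted SiteKiosk version string is below 9.7.4905."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts < FIXED_VERSION

def suspicious_events(events):
    """EventID=4688 AND ProcessName LIKE '%SiteKiosk%' AND NewProcessName
    NOT IN (approved list). Creator match is case-insensitive like a SIEM
    LIKE; the allow list is an exact path match so a same-named binary
    dropped in another directory is still flagged."""
    return [
        e for e in events
        if e.event_id == 4688
        and "sitekiosk" in e.creator_process.lower()
        and e.new_process not in APPROVED_PROCESSES
    ]

# Constructed sample records, not real kiosk logs.
SAMPLE_EVENTS = [
    Event4688(4688, r"C:\Program Files (x86)\SiteKiosk\SiteKiosk.exe",
              r"C:\Windows\System32\conhost.exe"),  # approved child
    Event4688(4688, r"C:\Program Files (x86)\SiteKiosk\SiteKiosk.exe",
              r"C:\Windows\System32\cmd.exe"),  # unapproved child: flagged
    Event4688(4688, r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\cmd.exe"),  # parent is not SiteKiosk
]

if __name__ == "__main__":
    for e in suspicious_events(SAMPLE_EVENTS):
        print("ALERT:", e.creator_process, "->", e.new_process)
```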
