Lucene search

LogitechCVE-2024-8258

HistorySep 10, 2024 - 9:15 a.m.

CVE-2024-8258

2024-09-1009:15:07

CWE-94

Logitech

web.nvd.nist.gov

cve-2024-8258

electron fuses

code injection

logitech options plus

macos

arbitrary code

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/SC:N/VI:L/SI:L/VA:L/SA:L/AU:Y/R:U

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper Control of Generation of Code (‘Code Injection’) in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

Affected configurations

Nvd

Node

logitechlogi_options\+Range1.60.496306–1.70.551909

AND

applemacosMatch-

VendorProductVersionCPE
logitechlogi_options\+*cpe:2.3:a:logitech:logi_options\+:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
logitech	logi_options\+	*	cpe:2.3:a:logitech:logi_options\+::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "Logitech Options Plus",
    "vendor": "Logitech",
    "versions": [
      {
        "lessThan": "1.70",
        "status": "affected",
        "version": "1.60.496306",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "1.70"
      }
    ]
  }
]

References

github.com/r3ggi/electroniz3r

nvd.nist.gov/vuln/detail/CVE-2023-49314

nvd.nist.gov/vuln/detail/CVE-2023-50643

www.electronjs.org/docs/latest/tutorial/fuses

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/SC:N/VI:L/SI:L/VA:L/SA:L/AU:Y/R:U

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2024-8258