Lucene search

LogitechCVELIST:CVE-2022-0916

HistoryMay 03, 2022 - 1:40 p.m.

CVE-2022-0916 Broken authentication on Logitech Options due to misvalidation of Oauth state parameter

2022-05-0313:40:09

CWE-287

Logitech

www.cve.org

cve-2022-0916

broken authentication

logitech options

oauth state parameter

csrf attacks

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

32.3%

JSON

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Options",
    "vendor": "Logitech",
    "versions": [
      {
        "lessThan": "9.60.87",
        "status": "affected",
        "version": "9.60.87",
        "versionType": "custom"
      }
    ]
  }
]

References

support.logi.com/hc/en-us/articles/360025297893

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

32.3%

JSON

Related for CVELIST:CVE-2022-0916