Lucene search

MitreCVELIST:CVE-2024-45752

HistorySep 19, 2024 - 12:00 a.m.

CVE-2024-45752

2024-09-1900:00:00

mitre

www.cve.org

logiops

privilege escalation

d-bus service

configuration

keyboard macros

CVSS3

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

22.3%

JSON

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.

References

bugzilla.suse.com/show_bug.cgi?id=1226598

github.com/PixlOne/logiops/releases

CVSS3

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

22.3%

JSON

Related for CVELIST:CVE-2024-45752