Lucene search

LogitechCVELIST:CVE-2024-8258

HistorySep 10, 2024 - 8:36 a.m.

CVE-2024-8258 Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS

2024-09-1008:36:34

CWE-94

Logitech

www.cve.org

electron fuses

logitech options

arbitrary code execution

macos

code injection

cve-2024-8258

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/SC:N/VI:L/SI:L/VA:L/SA:L/AU:Y/R:U

EPSS

Percentile

5.1%

JSON

Improper Control of Generation of Code (‘Code Injection’) in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "Logitech Options Plus",
    "vendor": "Logitech",
    "versions": [
      {
        "lessThan": "1.70",
        "status": "affected",
        "version": "1.60.496306",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "1.70"
      }
    ]
  }
]

References

github.com/r3ggi/electroniz3r

nvd.nist.gov/vuln/detail/CVE-2023-49314

nvd.nist.gov/vuln/detail/CVE-2023-50643

www.electronjs.org/docs/latest/tutorial/fuses