Lucene search

LogitechVULNRICHMENT:CVE-2024-2537

HistoryMar 15, 2024 - 5:12 p.m.

CVE-2024-2537 Electron Code Injection in Logi Tune macOS Application

2024-03-1517:12:10

CWE-913

Logitech

github.com

cve-2024-2537; electron code injection; logi tune macos; improper control; dynamically-managed code; logitech logi tune; macos; local code inclusion

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

7.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.

References

hackerone.com/reports/2376663

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

7.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-2537