Lucene search

LogitechVULNRICHMENT:CVE-2024-8258

HistorySep 10, 2024 - 8:36 a.m.

CVE-2024-8258 Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS

2024-09-1008:36:34

CWE-94

Logitech

github.com

electron fuses

logitech options plus

arbitrary code execution

macos

code injection

insecure configuration

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/SC:N/VI:L/SI:L/VA:L/SA:L/AU:Y/R:U

AI Score

8.2

Confidence

Low

EPSS

Percentile

5.1%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Improper Control of Generation of Code (‘Code Injection’) in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:logitech:options_plus:*:*:*:*:*:*:*:*"
    ],
    "vendor": "logitech",
    "product": "options_plus",
    "versions": [
      {
        "status": "affected",
        "version": "1.60.496306",
        "lessThan": "1.70",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

github.com/r3ggi/electroniz3r

nvd.nist.gov/vuln/detail/CVE-2023-49314

nvd.nist.gov/vuln/detail/CVE-2023-50643

www.electronjs.org/docs/latest/tutorial/fuses