CVE-2024-8258

Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS

CVSS 2 LOWEPSS 0.4%CWE-94

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/AU:Y/R:U

Produtos afetados

Logitech · Logitech Options Plus

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/r3ggi/electroniz3r https://nvd.nist.gov/vuln/detail/CVE-2023-49314 https://nvd.nist.gov/vuln/detail/CVE-2023-50643 https://www.electronjs.org/docs/latest/tutorial/fuses