CVE-2024-8258

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
LogitechCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
logitechoptions_plus
1.70 <
𝑥
< 1.70
logitechlogi_options\+
1.60.496306 ≤
𝑥
< 1.70.551909
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/r3ggi/electroniz3r
https://nvd.nist.gov/vuln/detail/CVE-2023-49314
https://nvd.nist.gov/vuln/detail/CVE-2023-50643
https://www.electronjs.org/docs/latest/tutorial/fuses