CVE-2024-8258

EUVD-2024-49051
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
logitechlogi_options\+
1.60.496306 ≤
𝑥
< 1.70.551909
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
logitechoptions_plus
1.60.496306 ≤
𝑥
< 1.70
ADP
Common Weakness Enumeration
References
https://github.com/r3ggi/electroniz3r
https://nvd.nist.gov/vuln/detail/CVE-2023-49314
https://nvd.nist.gov/vuln/detail/CVE-2023-50643
https://www.electronjs.org/docs/latest/tutorial/fuses