CVE-2024-8258

Sažetak

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

Reference

https://github.com/r3ggi/electroniz3r
https://nvd.nist.gov/vuln/detail/CVE-2023-49314
https://nvd.nist.gov/vuln/detail/CVE-2023-50643
https://www.electronjs.org/docs/latest/tutorial/fuses

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

27-09-2024 - 18:56

Objavljeno

10-09-2024 - 09:15