Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8258

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

Published

2024-09-10T09:15:07.497

Last Modified

2024-09-27T18:56:41.140

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-94
Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	logitech	logi_options\+	< 1.70.551909	Yes
Operating System	apple	macos	-	No

References

https://github.com/r3ggi/electroniz3r Exploit, Third Party Advisory ([email protected])
https://nvd.nist.gov/vuln/detail/CVE-2023-49314 Not Applicable ([email protected])
https://nvd.nist.gov/vuln/detail/CVE-2023-50643 Not Applicable ([email protected])
https://www.electronjs.org/docs/latest/tutorial/fuses Product ([email protected])