CVE-2024-8258 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2024-8258?

CVE-2024-8258 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-8258?

Check the references section above for vendor advisories and patch information. Affected products include: Logitech Logi Options\+, Apple Macos.

Vulnerability Description

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Logitech	Logi Options\+	>= 1.60.496306, < 1.70.551909
Apple	Macos	-

Related Weaknesses (CWE)

CWE-94

References

https://github.com/r3ggi/electroniz3rExploitThird Party Advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-49314Not Applicable
https://nvd.nist.gov/vuln/detail/CVE-2023-50643Not Applicable
https://www.electronjs.org/docs/latest/tutorial/fusesProduct

FAQ

What is CVE-2024-8258?

CVE-2024-8258 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses...

How severe is CVE-2024-8258?

CVE-2024-8258 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-8258?

Check the references section above for vendor advisories and patch information. Affected products include: Logitech Logi Options\+, Apple Macos.