CVE-2024-8258

Summary

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

Affected Software

VendorProductVersion RangeStatus
LogitechLogitech Options Plus1.60.496306 < 1.70affected
LogitechLogitech Options Plus1.70unaffected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References