Search criteria
3 vulnerabilities found for Options by Logitech
FKIE_CVE-2022-0916
Vulnerability from fkie_nvd - Published: 2022-05-03 14:15 - Updated: 2024-11-21 06:39
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:logitech:options:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F36318-2D82-4BA2-9407-275F73F50B63",
"versionEndExcluding": "9.60.87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Logitech Options. El par\u00e1metro de estado de OAuth 2.0 no es comprobado apropiadamente. Esto hace que las aplicaciones sean vulnerables a ataques de tipo CSRF durante las operaciones de autenticaci\u00f3n y autorizaci\u00f3n"
}
],
"id": "CVE-2022-0916",
"lastModified": "2024-11-21T06:39:39.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "cve-coordination@logitech.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-03T14:15:08.320",
"references": [
{
"source": "cve-coordination@logitech.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"sourceIdentifier": "cve-coordination@logitech.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "cve-coordination@logitech.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-0916 (GCVE-0-2022-0916)
Vulnerability from cvelistv5 – Published: 2022-05-03 13:40 – Updated: 2024-09-17 02:26
VLAI?
Title
Broken authentication on Logitech Options due to misvalidation of Oauth state parameter
Summary
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Severity ?
8.4 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Karan Bamal
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Options",
"vendor": "Logitech",
"versions": [
{
"lessThan": "9.60.87",
"status": "affected",
"version": "9.60.87",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Karan Bamal"
}
],
"datePublic": "2022-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T13:40:09",
"orgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"shortName": "Logitech"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Logitech Options 9.60.87"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broken authentication on Logitech Options due to misvalidation of Oauth state parameter",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@logitech.com",
"DATE_PUBLIC": "2022-04-08T11:48:00.000Z",
"ID": "CVE-2022-0916",
"STATE": "PUBLIC",
"TITLE": "Broken authentication on Logitech Options due to misvalidation of Oauth state parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Options",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "9.60.87",
"version_value": "9.60.87"
}
]
}
}
]
},
"vendor_name": "Logitech"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Karan Bamal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.logi.com/hc/en-us/articles/360025297893",
"refsource": "MISC",
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Logitech Options 9.60.87"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"assignerShortName": "Logitech",
"cveId": "CVE-2022-0916",
"datePublished": "2022-05-03T13:40:09.127198Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-17T02:26:48.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0916 (GCVE-0-2022-0916)
Vulnerability from nvd – Published: 2022-05-03 13:40 – Updated: 2024-09-17 02:26
VLAI?
Title
Broken authentication on Logitech Options due to misvalidation of Oauth state parameter
Summary
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Severity ?
8.4 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Karan Bamal
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Options",
"vendor": "Logitech",
"versions": [
{
"lessThan": "9.60.87",
"status": "affected",
"version": "9.60.87",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Karan Bamal"
}
],
"datePublic": "2022-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T13:40:09",
"orgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"shortName": "Logitech"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Logitech Options 9.60.87"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broken authentication on Logitech Options due to misvalidation of Oauth state parameter",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@logitech.com",
"DATE_PUBLIC": "2022-04-08T11:48:00.000Z",
"ID": "CVE-2022-0916",
"STATE": "PUBLIC",
"TITLE": "Broken authentication on Logitech Options due to misvalidation of Oauth state parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Options",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "9.60.87",
"version_value": "9.60.87"
}
]
}
}
]
},
"vendor_name": "Logitech"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Karan Bamal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.logi.com/hc/en-us/articles/360025297893",
"refsource": "MISC",
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Logitech Options 9.60.87"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"assignerShortName": "Logitech",
"cveId": "CVE-2022-0916",
"datePublished": "2022-05-03T13:40:09.127198Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-17T02:26:48.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}