CVE-2024-4031 (GCVE-0-2024-4031)
Vulnerability from cvelistv5 – Published: 2024-04-23 06:29 – Updated: 2024-08-01 20:26
VLAI
Title
MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability
Summary
Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.
Severity
4.4 (Medium)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Logitech | MEVO WEBCAM APP |
Affected:
0 , < 0.8.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:logitech:mevo_webcam_app:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mevo_webcam_app",
"vendor": "logitech",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T13:56:22.229567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:35.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/428.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "MEVO WEBCAM APP",
"vendor": "Logitech",
"versions": [
{
"lessThan": "0.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arun George Jose, Alaa Kachouh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code."
}
],
"value": "Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-23T08:37:56.500Z",
"orgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"shortName": "Logitech"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/428.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"assignerShortName": "Logitech",
"cveId": "CVE-2024-4031",
"datePublished": "2024-04-23T06:29:58.858Z",
"dateReserved": "2024-04-22T15:40:56.836Z",
"dateUpdated": "2024-08-01T20:26:57.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-4031",
"date": "2026-05-31",
"epss": "0.00025",
"percentile": "0.07551"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de elemento o ruta de b\\u00fasqueda sin comillas en la aplicaci\\u00f3n Logitech MEVO WEBCAM en Windows permite la ejecuci\\u00f3n local de c\\u00f3digo.\"}]",
"id": "CVE-2024-4031",
"lastModified": "2024-11-21T09:42:03.867",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@logitech.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 2.5}]}",
"published": "2024-04-23T07:15:43.087",
"references": "[{\"url\": \"https://cwe.mitre.org/data/definitions/428.html\", \"source\": \"cve-coordination@logitech.com\"}, {\"url\": \"https://cwe.mitre.org/data/definitions/428.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve-coordination@logitech.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"cve-coordination@logitech.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-428\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4031\",\"sourceIdentifier\":\"cve-coordination@logitech.com\",\"published\":\"2024-04-23T07:15:43.087\",\"lastModified\":\"2024-11-21T09:42:03.867\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de elemento o ruta de b\u00fasqueda sin comillas en la aplicaci\u00f3n Logitech MEVO WEBCAM en Windows permite la ejecuci\u00f3n local de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@logitech.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"cve-coordination@logitech.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-428\"}]}],\"references\":[{\"url\":\"https://cwe.mitre.org/data/definitions/428.html\",\"source\":\"cve-coordination@logitech.com\"},{\"url\":\"https://cwe.mitre.org/data/definitions/428.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cwe.mitre.org/data/definitions/428.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:26:57.253Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4031\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-23T13:56:22.229567Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:logitech:mevo_webcam_app:-:*:*:*:*:*:*:*\"], \"vendor\": \"logitech\", \"product\": \"mevo_webcam_app\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-23T13:55:11.899Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Arun George Jose, Alaa Kachouh\"}], \"impacts\": [{\"capecId\": \"CAPEC-549\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-549 Local Execution of Code\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Logitech\", \"product\": \"MEVO WEBCAM APP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.8.0\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cwe.mitre.org/data/definitions/428.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-428\", \"description\": \"CWE-428 Unquoted Search Path or Element\"}]}], \"providerMetadata\": {\"orgId\": \"b573e801-1dd3-4adf-bd73-c9b814fbe067\", \"shortName\": \"Logitech\", \"dateUpdated\": \"2024-04-23T08:37:56.500Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-4031\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T20:26:57.253Z\", \"dateReserved\": \"2024-04-22T15:40:56.836Z\", \"assignerOrgId\": \"b573e801-1dd3-4adf-bd73-c9b814fbe067\", \"datePublished\": \"2024-04-23T06:29:58.858Z\", \"assignerShortName\": \"Logitech\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…