CVE-2024-45752 - Vulnerability Details - OpenCVE

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Pixlone	Logiops

Configuration 1 [-]

cpe:2.3:a:pixlone:logiops:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1226598
https://github.com/PixlOne/logiops/releases

History

Wed, 25 Sep 2024 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Fri, 20 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pixlone Pixlone logiops
CPEs	cpe:2.3:a:logiops:logiops::::::::	cpe:2.3:a:pixlone:logiops::::::::
Vendors & Products	Logiops Logiops logiops	Pixlone Pixlone logiops

Thu, 19 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Logiops Logiops logiops
Weaknesses		CWE-269
CPEs		cpe:2.3:a:logiops:logiops::::::::
Vendors & Products		Logiops Logiops logiops
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 19 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Description		logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.
References		https://bugzilla.suse.com/show_bug.cgi?id=1226598 https://github.com/PixlOne/logiops/releases
Metrics		cvssV3_1 `{'score': 8.5, 'vector': 'CVSS:3.1/AC:L/AV:L/A:L/C:H/I:H/PR:N/S:C/UI:R'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-19T00:00:00

Updated: 2024-09-20T13:14:08.991Z

Reserved: 2024-09-06T00:00:00

Link: CVE-2024-45752

Vulnrichment

Updated: 2024-09-19T16:08:27.395Z

NVD

Status : Analyzed

Published: 2024-09-19T16:15:04.910

Modified: 2024-09-25T16:54:27.520

Link: CVE-2024-45752

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-45752", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-20T13:14:08.991Z", "dateReserved": "2024-09-06T00:00:00", "datePublished": "2024-09-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-19T15:12:44.168269"}, "descriptions": [{"lang": "en", "value": "logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1226598"}, {"url": "https://github.com/PixlOne/logiops/releases"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:H/I:H/PR:N/S:C/UI:R", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "affected": [{"vendor": "pixlone", "product": "logiops", "cpes": ["cpe:2.3:a:pixlone:logiops:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.3.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-19T16:07:57.637989Z", "id": "CVE-2024-45752", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T13:14:08.991Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-19T16:07:57.637989Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:pixlone:logiops:*:*:*:*:*:*:*:*"], "vendor": "pixlone", "product": "logiops", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "0.3.4"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T16:08:27.395Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:H/I:H/PR:N/S:C/UI:R", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1226598"}, {"url": "https://github.com/PixlOne/logiops/releases"}], "descriptions": [{"lang": "en", "value": "logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-19T15:12:44.168269"}}}, "cveMetadata": {"cveId": "CVE-2024-45752", "state": "PUBLISHED", "dateUpdated": "2024-09-20T13:14:08.991Z", "dateReserved": "2024-09-06T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-09-19T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pixlone:logiops:*:*:*:*:*:*:*:*", "matchCriteriaId": "A61D6CCE-2D44-4329-907E-CA1E689FCCFF", "versionEndIncluding": "0.3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction."}, {"lang": "es", "value": "Desde logiops hasta la versi\u00f3n 0.3.4, en su configuraci\u00f3n predeterminada, se permite que cualquier usuario sin privilegios configure su daemon logid a trav\u00e9s de un servicio D-Bus sin restricciones, incluida la configuraci\u00f3n de macros de teclado maliciosas. Esto permite la escalada de privilegios con una interacci\u00f3n m\u00ednima del usuario."}], "id": "CVE-2024-45752", "lastModified": "2024-09-25T16:54:27.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2024-09-19T16:15:04.910", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1226598"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/PixlOne/logiops/releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}