Search criteria
2 vulnerabilities found for Options by Logitech
CVE-2022-0916 (GCVE-0-2022-0916)
Vulnerability from nvd – Published: 2022-05-03 13:40 – Updated: 2024-09-17 02:26
VLAI?
Title
Broken authentication on Logitech Options due to misvalidation of Oauth state parameter
Summary
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Severity ?
8.4 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Karan Bamal
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Options",
"vendor": "Logitech",
"versions": [
{
"lessThan": "9.60.87",
"status": "affected",
"version": "9.60.87",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Karan Bamal"
}
],
"datePublic": "2022-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T13:40:09",
"orgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"shortName": "Logitech"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Logitech Options 9.60.87"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broken authentication on Logitech Options due to misvalidation of Oauth state parameter",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@logitech.com",
"DATE_PUBLIC": "2022-04-08T11:48:00.000Z",
"ID": "CVE-2022-0916",
"STATE": "PUBLIC",
"TITLE": "Broken authentication on Logitech Options due to misvalidation of Oauth state parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Options",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "9.60.87",
"version_value": "9.60.87"
}
]
}
}
]
},
"vendor_name": "Logitech"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Karan Bamal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.logi.com/hc/en-us/articles/360025297893",
"refsource": "MISC",
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Logitech Options 9.60.87"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"assignerShortName": "Logitech",
"cveId": "CVE-2022-0916",
"datePublished": "2022-05-03T13:40:09.127198Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-17T02:26:48.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0916 (GCVE-0-2022-0916)
Vulnerability from cvelistv5 – Published: 2022-05-03 13:40 – Updated: 2024-09-17 02:26
VLAI?
Title
Broken authentication on Logitech Options due to misvalidation of Oauth state parameter
Summary
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Severity ?
8.4 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Karan Bamal
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Options",
"vendor": "Logitech",
"versions": [
{
"lessThan": "9.60.87",
"status": "affected",
"version": "9.60.87",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Karan Bamal"
}
],
"datePublic": "2022-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T13:40:09",
"orgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"shortName": "Logitech"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Logitech Options 9.60.87"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broken authentication on Logitech Options due to misvalidation of Oauth state parameter",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@logitech.com",
"DATE_PUBLIC": "2022-04-08T11:48:00.000Z",
"ID": "CVE-2022-0916",
"STATE": "PUBLIC",
"TITLE": "Broken authentication on Logitech Options due to misvalidation of Oauth state parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Options",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "9.60.87",
"version_value": "9.60.87"
}
]
}
}
]
},
"vendor_name": "Logitech"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Karan Bamal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.logi.com/hc/en-us/articles/360025297893",
"refsource": "MISC",
"url": "https://support.logi.com/hc/en-us/articles/360025297893"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Logitech Options 9.60.87"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"assignerShortName": "Logitech",
"cveId": "CVE-2022-0916",
"datePublished": "2022-05-03T13:40:09.127198Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-17T02:26:48.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}