PT-2024-31749 · Logiops+1

Wolfgang Frisch · Published 2024-09-19 · Updated 2024-09-25 · CVE-2024-45752

CVSS v3.1: 8.5 High

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: logiops versions 0.3.4 and earlier
Description: The issue allows any unprivileged user to configure the logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This enables privilege escalation with minimal user interaction.
Recommendations: For logiops versions 0.3.4 and earlier, consider disabling the unrestricted D-Bus service for the logid daemon until a patch is available to prevent malicious keyboard macro configuration and subsequent privilege escalation. Restrict access to the logid daemon configuration to minimize the risk of exploitation.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2024-45752

Affected Products

Debian
Logiops