CVE-2022-0916
📋 TL;DR
This vulnerability in Logitech Options software allows attackers to perform Cross-Site Request Forgery (CSRF) attacks during OAuth 2.0 authentication flows. Attackers could trick users into authorizing malicious applications or actions. All users of affected Logitech Options versions are vulnerable.
💻 Affected Systems
- Logitech Options
📦 What is this software?
Options+ by Logitech
⚠️ Risk & Real-World Impact
Worst Case
Attackers could gain unauthorized access to user accounts, install malicious software, or perform actions on behalf of the user without consent.
Likely Case
Attackers could trick users into authorizing malicious applications that appear legitimate, potentially leading to data theft or unauthorized access.
If Mitigated
With proper OAuth state parameter validation, CSRF attacks would be prevented, maintaining secure authentication flows.
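The state check named above, as an added example; it is not Logitech's code and not part of the advisory. The class, function names and the 10-minute lifetime are assumptions chosen for illustration: the client binds a random `state` to the local session when it starts the flow and refuses any callback whose `state` is missing, wrong, expired or already used.

```python
import hmac
import secrets
import time

STATE_TTL_SECONDS = 600  # assumed lifetime of a pending authorization request


class OAuthStateStore:
    """Tracks the state value issued to each local session (hypothetical helper)."""

    def __init__(self, now=time.time):
        self._pending = {}  # session_id -> (state, issued_at)
        self._now = now

    def begin_authorization(self, session_id):
        """Create an unguessable state and remember it for this session only."""
        state = secrets.token_urlsafe(32)
        self._pending[session_id] = (state, self._now())
        return state  # sent as the `state` query parameter of the authorization URL

    def validate_callback(self, session_id, returned_state):
        """Accept the callback only if state matches, is fresh and is unused."""
        # pop() makes the state single-use: it is consumed even when the check fails,
        # so a rejected callback forces the user to restart the flow.
        entry = self._pending.pop(session_id, None)
        if entry is None or not returned_state:
            return False
        expected, issued_at = entry
        if self._now() - issued_at > STATE_TTL_SECONDS:
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), returned_state.encode())


def handle_callback(store, session_id, query):
    """Redirect handler: a client without this check redeems any code it receives."""
    if not store.validate_callback(session_id, query.get("state")):
        return "rejected"
    return "exchange code " + query["code"]  # token exchange would happen here
```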
🎯 Exploit Status
Exploitation requires user interaction (clicking malicious links) and knowledge of OAuth flows.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.60.86 and later
Vendor Advisory: https://support.logi.com/hc/en-us/articles/360025297893
Restart Required: Yes
Instructions:
1. Open Logitech Options software
2. Go to Settings > About
3. Check current version
4. If below 9.60.86, download latest version from Logitech website
5. Install update and restart computer
🔧 Temporary Workarounds
Disable Logitech Options Cloud Services
Prevents OAuth authentication flows by disabling cloud features
Open Logitech Options > Settings > Disable 'Cloud Services' or 'Sync Settings'
🧯 If You Can't Patch
- Use Logitech Options in offline mode only
- Avoid clicking on suspicious links while Logitech Options is running
🔍 How to Verify
Check if Vulnerable:
Open Logitech Options > Settings > About, check if version is below 9.60.86
Check Version:
Not applicable - check via GUI in Settings > About
Verify Fix Applied:
Confirm version is 9.60.86 or higher in Settings > About
📡 Detection & Monitoring
Log Indicators:
- Multiple OAuth authentication failures
- Unusual OAuth authorization requests
Network Indicators:
- Suspicious OAuth redirects to unexpected domains
SIEM Query:
source="Logitech Options" AND (event="oauth_failure" OR event="authorization_request")