Logitech Unifying Receiver Key Injection (MouseJack)

medium Nessus Plugin ID 88905

Synopsis

The remote host has used a wireless USB keyboard device that is potentially affected by a wireless key injection vulnerability.

Description

The remote Windows host has used a Logitech Unifying Receiver wireless USB device with firmware version 12.01 or 12.03. It is potentially affected by a wireless key injection vulnerability that allows a physically local attacker to send keystrokes to the host.

Note that Nessus cannot determine when the USB device was last used on the remote host, just that is has been previously used.

Solution

Unplug the Logitech Unifying Receiver wireless USB device from the host until the vendor issues a firmware update or patch.

See Also

https://secure.logitech.com/en-us/promotions/6072

https://www.mousejack.com/

Plugin Details

Severity: Medium

ID: 88905

File Name: logitech_unifying_receiver_wireless_key_injection.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2/23/2016

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: x-cpe:/h:logitech:unifying_receiver

Required KB Items: Settings/ParanoidReport, Host/EnumUSB

Vulnerability Publication Date: 1/23/2016

Reference Information

CERT: 981271