Logitech Unifying Receiver Key Injection (MouseJack)

Medium Nessus Plugin ID 88905


The remote host has used a wireless USB keyboard device that is potentially affected by a wireless key injection vulnerability.


The remote Windows host has used a Logitech Unifying Receiver wireless USB device with firmware version 12.01 or 12.03. It is potentially affected by a wireless key injection vulnerability that allows a physically local attacker to send keystrokes to the host.

Note that Nessus cannot determine when the USB device was last used on the remote host, just that is has been previously used.


Unplug the Logitech Unifying Receiver wireless USB device from the host until the vendor issues a firmware update or patch.

See Also



Plugin Details

Severity: Medium

ID: 88905

File Name: logitech_unifying_receiver_wireless_key_injection.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2016/02/23

Modified: 2016/07/21

Dependencies: 35730

Risk Information

Risk Factor: Medium


Base Score: 6.2

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: x-cpe:/h:logitech:unifying_receiver

Required KB Items: Settings/ParanoidReport, Host/EnumUSB

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2016/01/23

Reference Information

OSVDB: 134983

CERT: 981271