CRITICAL🇬🇧 English

CVE-2022-1517

CVSS 10.0v3.1pub. 2022-06-24upd. 2024-11-21

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Illumina Iseq 100

    HW
    Illumina
    wszystkie wersje
  • Illumina Local Run Manager

    APP
    Illumina
    1.3 – 3.1
  • Illumina Miniseq

    HW
    Illumina
    wszystkie wersje
  • Illumina Miseq

    HW
    Illumina
    wszystkie wersje
  • Illumina Miseq Dx

    HW
    Illumina
    wszystkie wersje
  • Illumina Nextseq 500

    HW
    Illumina
    wszystkie wersje
  • Illumina Nextseq 550

    HW
    Illumina
    wszystkie wersje
  • Illumina Nextseq 550dx

    HW
    Illumina
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-1968CRITICAL10.0ten sam produkt

Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP add...

CVE-2022-1518CRITICAL10.0ten sam produkt

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intend...

CVE-2022-1519CRITICAL10.0ten sam produkt

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can u...

CVE-2022-1521CRITICAL9.1ten sam produkt

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modif...

CVE-2023-1966HIGH7.4ten sam produkt

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability...