LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HIllumina Iseq 100
HWIlluminawszystkie wersjeIllumina Local Run Manager
APPIllumina1.3 – 3.1Illumina Miniseq
HWIlluminawszystkie wersjeIllumina Miseq
HWIlluminawszystkie wersjeIllumina Miseq Dx
HWIlluminawszystkie wersjeIllumina Nextseq 500
HWIlluminawszystkie wersjeIllumina Nextseq 550
HWIlluminawszystkie wersjeIllumina Nextseq 550dx
HWIlluminawszystkie wersje
Related vulnerabilities
Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP add...
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intend...
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can u...
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modif...
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability...