CVE-2022-1517

Summary

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

Affected Software

VendorProductVersion RangeStatus
IlluminaNextSeq 550DxLRM Versions 1.3 to 3.1affected
IlluminaMiSeq DxLRM Versions 1.3 to 3.1affected
IlluminaNextSeq 500 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaNextSeq 550 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaMiSeq InstrumentLRM Versions 1.3 to 3.1affected
IlluminaiSeq 100 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaMiniSeq InstrumentLRM Versions 1.3 to 3.1affected

Weaknesses

  • CWE-250: cwe-250

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References