CVE-2022-1517
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Illumina | NextSeq 550Dx | LRM Versions 1.3 to 3.1 | affected |
| Illumina | MiSeq Dx | LRM Versions 1.3 to 3.1 | affected |
| Illumina | NextSeq 500 Instrument | LRM Versions 1.3 to 3.1 | affected |
| Illumina | NextSeq 550 Instrument | LRM Versions 1.3 to 3.1 | affected |
| Illumina | MiSeq Instrument | LRM Versions 1.3 to 3.1 | affected |
| Illumina | iSeq 100 Instrument | LRM Versions 1.3 to 3.1 | affected |
| Illumina | MiniSeq Instrument | LRM Versions 1.3 to 3.1 | affected |
Weaknesses
- CWE-250: cwe-250
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.