CVE-2022-1519

Summary

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.

Affected Software

VendorProductVersion RangeStatus
IlluminaNextSeq 550DxLRM Versions 1.3 to 3.1affected
IlluminaMiSeq DxLRM Versions 1.3 to 3.1affected
IlluminaNextSeq 500 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaNextSeq 550 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaMiSeq InstrumentLRM Versions 1.3 to 3.1affected
IlluminaiSeq 100 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaMiniSeq InstrumentLRM Versions 1.3 to 3.1affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References