CVE-2022-1521

Summary

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.

Affected Software

VendorProductVersion RangeStatus
IlluminaNextSeq 550DxLRM Versions 1.3 to 3.1affected
IlluminaMiSeq DxLRM Versions 1.3 to 3.1affected
IlluminaNextSeq 500 InstrumenLRM Versions 1.3 to 3.1affected
IlluminaNextSeq 550 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaMiSeq InstrumentLRM Versions 1.3 to 3.1affected
IlluminaiSeq 100 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaMiniSeq InstrumentLRM Versions 1.3 to 3.1affected

Weaknesses

  • CWE-284: cwe-284

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References