CVE-2022-1524

Summary

LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.

Affected Software

VendorProductVersion RangeStatus
IlluminaNextSeq 550DxLRM Versions 1.3 to 3.1affected
IlluminaMiSeq DxLRM Versions 1.3 to 3.1affected
IlluminaNextSeq 500 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaNextSeq 550 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaMiSeq InstrumentLRM Versions 1.3 to 3.1affected
IlluminaiSeq 100 InstrumentLRM Versions 1.3 to 3.1affected
IlluminaMiniSeq InstrumentLRM Versions 1.3 to 3.1affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References