CVE-2023-1966
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
28/04/2023
Last modified:
09/05/2023
Description
Instruments with Illumina Universal Copy Service v1.x and<br />
v2.x contain an unnecessary privileges vulnerability. An unauthenticated<br />
malicious actor could upload and execute code remotely at the operating system<br />
level, which could allow an attacker to change settings, configurations,<br />
software, or access sensitive data on the affected product.<br />
<br />
<br />
<br />
<br />
<br />
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:illumina:iscan_firmware:4.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:illumina:iscan_firmware:4.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:h:illumina:iscan:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:illumina:iseq_100_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:illumina:miniseq_firmware:*:*:*:*:*:*:*:* | 2.0 (including) | |
| cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:illumina:miseq_firmware:*:*:*:*:*:*:*:* | 4.0 (including) | |
| cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:illumina:miseqdx_firmware:*:*:*:*:-:*:*:* | 4.0.1 (including) | |
| cpe:2.3:o:illumina:miseqdx_firmware:4.0:*:*:*:ruo:*:*:* | ||
| cpe:2.3:h:illumina:miseqdx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:illumina:nextseq_500_firmware:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:illumina:nextseq_550_firmware:4.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page