Instruments with Illumina Universal Copy Service v1.x and
v2.x contain an unnecessary privileges vulnerability. An unauthenticated
malicious actor could upload and execute code remotely at the operating system
level, which could allow an attacker to change settings, configurations,
software, or access sensitive data on the affected product.
References
Link | Resource |
---|---|
https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html | Vendor Advisory |
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
History
09 May 2023, 17:53
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
First Time |
Illumina miniseq
Illumina iseq 100 Firmware Illumina nextseq 550 Firmware Illumina novaseq 6000 Firmware Illumina miseqdx Firmware Illumina nextseq 550 Illumina novaseq 6000 Illumina miseq Firmware Illumina nextseq 500 Illumina Illumina miniseq Firmware Illumina iseq 100 Illumina nextseq 550dx Illumina nextseq 500 Firmware Illumina iscan Illumina nextseq 2000 Firmware Illumina nextseq 1000 Firmware Illumina nextseq 1000 Illumina miseqdx Illumina nextseq 2000 Illumina nextseq 550dx Firmware Illumina miseq Illumina iscan Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html - Vendor Advisory | |
References | (MISC) https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:o:illumina:nextseq_550dx_firmware:4.0:*:*:*:ruo:*:*:* cpe:2.3:o:illumina:novaseq_6000_firmware:1.8:*:*:*:*:*:*:* cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:novaseq_6000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:illumina:miseqdx_firmware:*:*:*:*:-:*:*:* cpe:2.3:o:illumina:iscan_firmware:4.0.0:*:*:*:*:*:*:* cpe:2.3:o:illumina:miseq_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_500_firmware:4.0:*:*:*:*:*:*:* cpe:2.3:o:illumina:iseq_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:illumina:iscan_firmware:4.0.5:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_2000_firmware:1.4.1:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_2000:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:miniseq_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:illumina:miseqdx:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:miseqdx_firmware:4.0:*:*:*:ruo:*:*:* cpe:2.3:h:illumina:novaseq_6000:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_1000_firmware:1.4.1:*:*:*:*:*:*:* cpe:2.3:h:illumina:iscan:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_1000:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_550_firmware:4.0:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_550dx_firmware:*:*:*:*:-:*:*:* |
28 Apr 2023, 22:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-28 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-1966
Mitre link : CVE-2023-1966
CVE.ORG link : CVE-2023-1966
JSON object : View
Products Affected
illumina
- nextseq_550dx
- miseq
- nextseq_550dx_firmware
- nextseq_1000
- miniseq_firmware
- nextseq_550
- miseqdx
- miniseq
- nextseq_500
- iscan_firmware
- novaseq_6000_firmware
- nextseq_1000_firmware
- iscan
- nextseq_2000
- nextseq_500_firmware
- novaseq_6000
- miseqdx_firmware
- miseq_firmware
- iseq_100_firmware
- nextseq_550_firmware
- iseq_100
- nextseq_2000_firmware