Privilege escalation in Illumina Iseq_100
CVE-2022-1517
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on…
EPSS: 0.016 (73.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Illumina Iseq_100
- Illumina Iseq 100 Instrument — versions LRM Versions 1.3 to 3.1
- Illumina Local_run_manager
- Illumina Miniseq
- Illumina Miniseq Instrument — versions LRM Versions 1.3 to 3.1
- Illumina Miseq
- Illumina Miseq Dx — versions LRM Versions 1.3 to 3.1
- Illumina Miseq_dx
- Illumina Miseq Instrument — versions LRM Versions 1.3 to 3.1
- Illumina Nextseq_500
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-1517?
- CVE-2022-1517 is a critical-severity vulnerability in Illumina Iseq_100, classified under CWE-250. CVSS score: 10.0/10. Published 2022-06-24.
- How severe is CVE-2022-1517?
- Critical severity. CVSS v3 base score is 10.0 out of 10.