Illumina Nextseq_500
7 CVEs affecting Illumina Nextseq_500. Latest disclosed: 2023-04-28. Critical: 5, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-1968 | Critical | 10.0 | 2023-04-28 | Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could us… |
CVE-2022-1519 | Critical | 10.0 | 2022-06-24 | LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code th… |
CVE-2022-1518 | Critical | 10.0 | 2022-06-24 | LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. |
CVE-2022-1517 | Critical | 10.0 | 2022-06-24 | LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an att… |
CVE-2022-1521 | Critical | 9.1 | 2022-06-24 | LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. |
CVE-2023-1966 | High | 7.4 | 2023-04-28 | Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload… |
CVE-2022-1524 | High | 7.4 | 2022-06-24 | LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. |