← back
CVE-2023-1966

CVE-2023-1966

CVSS 7.4 HIGHEPSS 0.9%CWE-250
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Illumina · iScan Control SoftwareIllumina · iSeq 100Illumina · MiniSeq Control SoftwareIllumina · MiSeq Control SoftwareIllumina · MiSeqDx Operating SoftwareIllumina · NextSeq 1000/2000 Control SoftwareIllumina · NextSeq 500/550 Control SoftwareIllumina · NextSeq 550Dx Control SoftwareIllumina · NextSeq 550Dx Operating SoftwareIllumina · NovaSeq 6000 Control SoftwareIllumina · NovaSeq Control Software

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.htmlhttps://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01