CVE-2022-1517

3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

CVSS 10 CRITICALEPSS 1.6%CWE-250

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Productos afectados

Illumina · iSeq 100 Instrument Illumina · MiniSeq Instrument Illumina · MiSeq Dx Illumina · MiSeq Instrument Illumina · NextSeq 500 Instrument Illumina · NextSeq 550Dx Illumina · NextSeq 550 Instrument

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02