Vulnerability Description
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Illumina | Local Run Manager | >= 1.3, <= 3.1 |
| Illumina | iSeq 100 | - |
| Illumina | MiniSeq | - |
| Illumina | MiSeq | - |
| Illumina | MiSeq Dx | - |
| Illumina | NextSeq 500 | - |
| Illumina | NextSeq 550 | - |
| Illumina | NextSeq 550Dx | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2022-1517?
CVE-2022-1517 is a vulnerability with a CVSS score of 10.0 (CRITICAL). LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations,...
How severe is CVE-2022-1517?
CVE-2022-1517 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-1517?
Check the references section above for vendor advisories and patch information. Affected products include: Illumina Local Run Manager, Illumina iSeq 100, Illumina MiniSeq, Illumina MiSeq, Illumina MiSeq Dx.