CVE-2023-1966 — HIGH (7.4) — White Hats Nepal

Q: How severe is CVE-2023-1966?

CVE-2023-1966 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-1966?

Check the references section above for vendor advisories and patch information. Affected products include: Illumina Iscan Firmware, Illumina Iscan, Illumina Iseq 100 Firmware, Illumina Iseq 100, Illumina Miniseq Firmware.

Vulnerability Description

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Illumina	Iscan Firmware	4.0.0
Illumina	Iscan	-
Illumina	Iseq 100 Firmware	All versions
Illumina	Iseq 100	-
Illumina	Miniseq Firmware	>= 2.0
Illumina	Miniseq	-
Illumina	Miseq Firmware	>= 4.0
Illumina	Miseq	-
Illumina	Miseqdx Firmware	>= 4.0.1
Illumina	Miseqdx	-
Illumina	Nextseq 500 Firmware	4.0
Illumina	Nextseq 500	-
Illumina	Nextseq 550 Firmware	4.0
Illumina	Nextseq 550	-
Illumina	Nextseq 550Dx Firmware	>= 1.0.0, <= 1.3.1
Illumina	Nextseq 550Dx	-
Illumina	Nextseq 1000 Firmware	1.4.1
Illumina	Nextseq 1000	-
Illumina	Nextseq 2000 Firmware	1.4.1
Illumina	Nextseq 2000	-

Related Weaknesses (CWE)

CWE-269 CWE-250

References

https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.htmlVendor Advisory
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01Third Party AdvisoryUS Government Resource
https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.htmlVendor Advisory
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2023-1966?

CVE-2023-1966 is a vulnerability with a CVSS score of 7.4 (HIGH). Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operati...

How severe is CVE-2023-1966?

CVE-2023-1966 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1966?

Check the references section above for vendor advisories and patch information. Affected products include: Illumina Iscan Firmware, Illumina Iscan, Illumina Iseq 100 Firmware, Illumina Iseq 100, Illumina Miniseq Firmware.