CVE-2023-1968 — CRITICAL (10.0)

Q: How severe is CVE-2023-1968?

CVE-2023-1968 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-1968?

Check the references section above for vendor advisories and patch information. Affected products include: Illumina Iscan Firmware, Illumina Iscan, Illumina Iseq 100 Firmware, Illumina Iseq 100, Illumina Miniseq Firmware.

Vulnerability Description

Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Illumina	Iscan Firmware	4.0.0
Illumina	Iscan	-
Illumina	Iseq 100 Firmware	All versions
Illumina	Iseq 100	-
Illumina	Miniseq Firmware	>= 2.0
Illumina	Miniseq	-
Illumina	Miseq Firmware	>= 4.0
Illumina	Miseq	-
Illumina	Miseqdx Firmware	>= 4.0.1
Illumina	Miseqdx	-
Illumina	Nextseq 500 Firmware	4.0
Illumina	Nextseq 500	-
Illumina	Nextseq 550 Firmware	4.0
Illumina	Nextseq 550	-
Illumina	Nextseq 550Dx Firmware	>= 1.0.0, <= 1.3.1
Illumina	Nextseq 550Dx	-
Illumina	Nextseq 1000 Firmware	1.4.1
Illumina	Nextseq 1000	-
Illumina	Nextseq 2000 Firmware	1.4.1
Illumina	Nextseq 2000	-

Related Weaknesses (CWE)

CWE-1327

References

https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.htmlVendor Advisory
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01Third Party AdvisoryUS Government Resource
https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.htmlVendor Advisory
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2023-1968?

CVE-2023-1968 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, incl...

How severe is CVE-2023-1968?

CVE-2023-1968 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-1968?

Check the references section above for vendor advisories and patch information. Affected products include: Illumina Iscan Firmware, Illumina Iscan, Illumina Iseq 100 Firmware, Illumina Iseq 100, Illumina Miniseq Firmware.