Instruments with Illumina Universal Copy Service v1.x and
v2.x contain an unnecessary privileges vulnerability. An unauthenticated
malicious actor could upload and execute code remotely at the operating system
level, which could allow an attacker to change settings, configurations,
software, or access sensitive data on the affected product.
References
| Link | Resource |
|---|---|
| https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html | Vendor Advisory |
| https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
History
09 May 2023, 17:53
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Illumina miseqdx Firmware
Illumina nextseq 500 Illumina miniseq Illumina nextseq 1000 Firmware Illumina iseq 100 Firmware Illumina miseqdx Illumina novaseq 6000 Firmware Illumina nextseq 1000 Illumina iscan Illumina miseq Illumina novaseq 6000 Illumina miseq Firmware Illumina nextseq 550dx Firmware Illumina nextseq 500 Firmware Illumina nextseq 550 Firmware Illumina nextseq 550 Illumina nextseq 2000 Illumina nextseq 550dx Illumina iscan Firmware Illumina iseq 100 Illumina nextseq 2000 Firmware Illumina miniseq Firmware Illumina |
|
| CPE | cpe:2.3:o:illumina:miniseq_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:illumina:miseq_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_550dx_firmware:*:*:*:*:-:*:*:* cpe:2.3:o:illumina:miseqdx_firmware:*:*:*:*:-:*:*:* cpe:2.3:h:illumina:nextseq_2000:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:miseqdx:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_2000_firmware:1.4.1:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_500_firmware:4.0:*:*:*:*:*:*:* cpe:2.3:o:illumina:miseqdx_firmware:4.0:*:*:*:ruo:*:*:* cpe:2.3:o:illumina:novaseq_6000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:illumina:nextseq_1000:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_550_firmware:4.0:*:*:*:*:*:*:* cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:* cpe:2.3:h:illumina:iscan:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:iscan_firmware:4.0.5:*:*:*:*:*:*:* cpe:2.3:o:illumina:novaseq_6000_firmware:1.8:*:*:*:*:*:*:* cpe:2.3:o:illumina:iseq_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:illumina:iscan_firmware:4.0.0:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_550dx_firmware:4.0:*:*:*:ruo:*:*:* cpe:2.3:h:illumina:novaseq_6000:-:*:*:*:*:*:*:* cpe:2.3:o:illumina:nextseq_1000_firmware:1.4.1:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-269 | |
| References | (MISC) https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html - Vendor Advisory | |
| References | (MISC) https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01 - Third Party Advisory, US Government Resource |
28 Apr 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-28 19:15
Updated : 2023-05-09 17:53
NVD link : CVE-2023-1966
Mitre link : CVE-2023-1966
JSON object : View
Products Affected
illumina
- iseq_100
- miseq_firmware
- novaseq_6000_firmware
- nextseq_2000_firmware
- iscan
- nextseq_550dx_firmware
- miseq
- miseqdx
- nextseq_550_firmware
- miniseq
- nextseq_500
- nextseq_1000_firmware
- iseq_100_firmware
- nextseq_500_firmware
- miniseq_firmware
- nextseq_1000
- nextseq_550dx
- novaseq_6000
- iscan_firmware
- nextseq_2000
- nextseq_550
- miseqdx_firmware
CWE
CWE-269
Improper Privilege Management