10
CVE-2022-1517
- EPSS 0.42%
- Veröffentlicht 24.06.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:40:53
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginLRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Illumina ≫ Local Run Manager Version >= 1.3 <= 3.1
Illumina ≫ Iseq 100 Version-
Illumina ≫ Miniseq Version-
Illumina ≫ Miseq Version-
Illumina ≫ Miseq Dx Version-
Illumina ≫ Nextseq 500 Version-
Illumina ≫ Nextseq 550 Version-
Illumina ≫ Nextseq 550dx Version-
Illumina ≫ Miniseq Version-
Illumina ≫ Miseq Version-
Illumina ≫ Miseq Dx Version-
Illumina ≫ Nextseq 500 Version-
Illumina ≫ Nextseq 550 Version-
Illumina ≫ Nextseq 550dx Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.613 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| ics-cert@hq.dhs.gov | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.