CVE-2023-1966

EPSS 0.29%
Veröffentlicht 28.04.2023 19:15:16
Zuletzt bearbeitet 21.11.2024 07:40:14
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Instruments with Illumina Universal Copy Service v1.x and
v2.x contain an unnecessary privileges vulnerability. An unauthenticated
malicious actor could upload and execute code remotely at the operating system
level, which could allow an attacker to change settings, configurations,
software, or access sensitive data on the affected product.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Illumina ≫ Iscan Firmware Version4.0.0

Illumina ≫ Iscan Version-

Illumina ≫ Iscan Firmware Version4.0.5

Illumina ≫ Iscan Version-

Illumina ≫ Iseq 100 Firmware

Illumina ≫ Iseq 100 Version-

Illumina ≫ Miniseq Firmware Version >= 2.0

Illumina ≫ Miniseq Version-

Illumina ≫ Miseq Firmware Version >= 4.0

Illumina ≫ Miseq Version-

Illumina ≫ Miseqdx Firmware SwEdition- Version >= 4.0.1

Illumina ≫ Miseqdx Version-

Illumina ≫ Miseqdx Firmware Version4.0 SwEditionruo

Illumina ≫ Miseqdx Version-

Illumina ≫ Nextseq 500 Firmware Version4.0

Illumina ≫ Nextseq 500 Version-

Illumina ≫ Nextseq 550 Firmware Version4.0

Illumina ≫ Nextseq 550 Version-

Illumina ≫ Nextseq 550dx Firmware SwEdition- Version >= 1.0.0 <= 1.3.1

Illumina ≫ Nextseq 550dx Version-

Illumina ≫ Nextseq 550dx Firmware SwEdition- Version >= 1.3.3

Illumina ≫ Nextseq 550dx Version-

Illumina ≫ Nextseq 550dx Firmware Version4.0 SwEditionruo

Illumina ≫ Nextseq 550dx Version-

Illumina ≫ Nextseq 1000 Firmware Version1.4.1

Illumina ≫ Nextseq 1000 Version-

Illumina ≫ Nextseq 2000 Firmware Version1.4.1

Illumina ≫ Nextseq 2000 Version-

Illumina ≫ Novaseq 6000 Firmware Version <= 1.7

Illumina ≫ Novaseq 6000 Version-

Illumina ≫ Novaseq 6000 Firmware Version1.8

Illumina ≫ Novaseq 6000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.522

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	7.4	0.7	6	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html

Vendor Advisory

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-1966

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1966

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1966

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-1966