Vulnerability Details CVE-2023-1966
Instruments with Illumina Universal Copy Service v1.x and
v2.x contain an unnecessary privileges vulnerability. An unauthenticated
malicious actor could upload and execute code remotely at the operating system
level, which could allow an attacker to change settings, configurations,
software, or access sensitive data on the affected product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.1%
CVSS Severity
CVSS v3 Score 7.4
References
- https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01
- https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01
Products affected by CVE-2023-1966
-
cpe:2.3:h:illumina:iscan:-
-
cpe:2.3:h:illumina:iseq_100:-
-
cpe:2.3:h:illumina:miniseq:-
-
cpe:2.3:h:illumina:miseq:-
-
cpe:2.3:h:illumina:miseqdx:-
-
cpe:2.3:h:illumina:nextseq_1000:-
-
cpe:2.3:h:illumina:nextseq_2000:-
-
cpe:2.3:h:illumina:nextseq_500:-
-
cpe:2.3:h:illumina:nextseq_550:-
-
cpe:2.3:h:illumina:nextseq_550dx:-
-
cpe:2.3:h:illumina:novaseq_6000:-
-
cpe:2.3:o:illumina:iscan_firmware:4.0.0
-
cpe:2.3:o:illumina:iscan_firmware:4.0.5
-
cpe:2.3:o:illumina:iseq_100_firmware:-
-
cpe:2.3:o:illumina:miniseq_firmware:2.0
-
cpe:2.3:o:illumina:miseq_firmware:4.0
-
cpe:2.3:o:illumina:miseqdx_firmware:4.0
-
cpe:2.3:o:illumina:miseqdx_firmware:4.0.1
-
cpe:2.3:o:illumina:nextseq_1000_firmware:1.4.1
-
cpe:2.3:o:illumina:nextseq_2000_firmware:1.4.1
-
cpe:2.3:o:illumina:nextseq_500_firmware:4.0
-
cpe:2.3:o:illumina:nextseq_550_firmware:4.0
-
cpe:2.3:o:illumina:nextseq_550dx_firmware:1.0.0
-
cpe:2.3:o:illumina:nextseq_550dx_firmware:1.3.1
-
cpe:2.3:o:illumina:nextseq_550dx_firmware:1.3.3
-
cpe:2.3:o:illumina:nextseq_550dx_firmware:4.0
-
cpe:2.3:o:illumina:novaseq_6000_firmware:-
-
cpe:2.3:o:illumina:novaseq_6000_firmware:1.7
-
cpe:2.3:o:illumina:novaseq_6000_firmware:1.8