Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Illumina
  • Miniseq Firmware
  • Nextseq 2000 Firmware
  • Iscan Firmware
  • Novaseq 6000 Firmware
  • Iseq 100
  • Novaseq 6000
  • Nextseq 550dx
  • Nextseq 1000 Firmware
  • Nextseq 1000
  • Iseq 100 Firmware
  • Miniseq
  • Nextseq 2000
  • Nextseq 500
  • Miseq
  • Iscan
  • Miseqdx Firmware
  • Nextseq 550 Firmware
  • Miseq Firmware
  • Nextseq 550dx Firmware
  • Miseqdx
  • Nextseq 550
  • Nextseq 500 Firmware

Configuration 1 [-]

AND
OR cpe:2.3:o:illumina:iscan_firmware:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:illumina:iscan_firmware:4.0.5:*:*:*:*:*:*:*
cpe:2.3:h:illumina:iscan:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:illumina:iseq_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:illumina:miniseq_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:illumina:miseq_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:illumina:miseqdx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:miseqdx_firmware:4.0:*:*:*:ruo:*:*:*
cpe:2.3:h:illumina:miseqdx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:illumina:nextseq_500_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:illumina:nextseq_550_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:illumina:nextseq_550dx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:nextseq_550dx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:nextseq_550dx_firmware:4.0:*:*:*:ruo:*:*:*
cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:illumina:nextseq_1000_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_1000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:illumina:nextseq_2000_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_2000:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
OR cpe:2.3:o:illumina:novaseq_6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:illumina:novaseq_6000_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:illumina:novaseq_6000:-:*:*:*:*:*:*:*
References
Link Resource
https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html Vendor Advisory
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01 Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2023-04-28T18:06:51.431Z

Updated: 2023-04-28T18:06:51.431Z

Reserved: 2023-04-10T14:50:41.262Z

Link: CVE-2023-1966

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-04-28T19:15:16.573

Modified: 2023-05-09T17:53:51.073

Link: CVE-2023-1966

JSON object: View

cve-icon Redhat Information

No data.

CWE