CVE-2023-1966
EUVD-2023-2415228.04.2023, 19:15
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| illumina | iscan_firmware | 4.0.0 |
| illumina | iscan_firmware | 4.0.5 |
| illumina | iseq_100_firmware | * |
| illumina | miniseq_firmware | 2.0 ≤ |
| illumina | miseq_firmware | 4.0 ≤ |
| illumina | miseqdx_firmware | 4.0.1 ≤ |
| illumina | miseqdx_firmware | 4.0 |
| illumina | nextseq_500_firmware | 4.0 |
| illumina | nextseq_550_firmware | 4.0 |
| illumina | nextseq_550dx_firmware | 1.0.0 ≤ 𝑥 ≤ 1.3.1 |
| illumina | nextseq_550dx_firmware | 1.3.3 ≤ |
| illumina | nextseq_550dx_firmware | 4.0 |
| illumina | nextseq_1000_firmware | 1.4.1 |
| illumina | nextseq_2000_firmware | 1.4.1 |
| illumina | novaseq_6000_firmware | 𝑥 ≤ 1.7 |
| illumina | novaseq_6000_firmware | 1.8 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary PrivilegesThe software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
References