CVE-2023-1966

moderate-risk
Published 2023-04-28

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.

Do I need to act?

-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.4/10 High
PHYSICAL / LOW complexity

Affected Products (15)

Iscan Firmware
Iscan Firmware
Iseq 100 Firmware
Miniseq Firmware
Miseq Firmware
Miseqdx Firmware
Miseqdx Firmware
Nextseq 500 Firmware
Nextseq 550 Firmware
Nextseq 550Dx Firmware
Nextseq 550Dx Firmware
Nextseq 1000 Firmware
Nextseq 2000 Firmware
Novaseq 6000 Firmware
Novaseq 6000 Firmware

Affected Vendors

Illumina

References (4)

Vendor Advisory https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html
Third Party Advisory https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01
Vendor Advisory https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html
Third Party Advisory https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01
42
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate