CVE-2023-1968

high-risk
Published 2023-04-28

Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (15)

Iscan Firmware
Iscan Firmware
Iseq 100 Firmware
Miniseq Firmware
Miseq Firmware
Miseqdx Firmware
Miseqdx Firmware
Nextseq 500 Firmware
Nextseq 550 Firmware
Nextseq 550Dx Firmware
Nextseq 550Dx Firmware
Nextseq 1000 Firmware
Nextseq 2000 Firmware
Novaseq 6000 Firmware
Novaseq 6000 Firmware

Affected Vendors

Illumina

References (4)

Vendor Advisory https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html
Third Party Advisory https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01
Vendor Advisory https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html
Third Party Advisory https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01
52
/ 100
high-risk
Severity 33/34 · Critical
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate