Cleartext transmission of sensitive information in Illumina products - CVE-2022-1524
Published: June 3, 2022
Vulnerability identifier: #VU63964
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-1524
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
In Vitro Diagnostic NextSeq 550Dx
In Vitro Diagnostic MiSeq Dx
NextSeq 500 Instrument
NextSeq 550 Instrument
MiSeq Instrument
iSeq 100 Instrument
MiniSeq Instrument
Local Run Manager (LRM)
In Vitro Diagnostic NextSeq 550Dx
In Vitro Diagnostic MiSeq Dx
NextSeq 500 Instrument
NextSeq 550 Instrument
MiSeq Instrument
iSeq 100 Instrument
MiniSeq Instrument
Local Run Manager (LRM)
Software vendor:
Illumina
Illumina
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
Remediation
Install updates from vendor's website.