Cleartext transmission of sensitive information in Illumina products - CVE-2022-1524

 

Cleartext transmission of sensitive information in Illumina products - CVE-2022-1524

Published: June 3, 2022


Vulnerability identifier: #VU63964
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-1524
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Illumina
Affected software:
In Vitro Diagnostic NextSeq 550Dx
In Vitro Diagnostic MiSeq Dx
NextSeq 500 Instrument
NextSeq 550 Instrument
MiSeq Instrument
iSeq 100 Instrument
MiniSeq Instrument
Local Run Manager (LRM)

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.


How to mitigate CVE-2022-1524

Install updates from vendor's website.

Sources