#VU63959 Execution with unnecessary privileges in Illumina products - CVE-2022-1517
Published: June 3, 2022
Vulnerability identifier: #VU63959
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-1517
CWE-ID: CWE-250
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
In Vitro Diagnostic NextSeq 550Dx
In Vitro Diagnostic MiSeq Dx
NextSeq 500 Instrument
NextSeq 550 Instrument
MiSeq Instrument
iSeq 100 Instrument
MiniSeq Instrument
Local Run Manager (LRM)
In Vitro Diagnostic NextSeq 550Dx
In Vitro Diagnostic MiSeq Dx
NextSeq 500 Instrument
NextSeq 550 Instrument
MiSeq Instrument
iSeq 100 Instrument
MiniSeq Instrument
Local Run Manager (LRM)
Software vendor:
Illumina
Illumina
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application binary has a setuid bit. A remote attacker can run the affected binary and execute arbitrary code on the system with root privileges.
Remediation
Install updates from vendor's website.