Vulnerability identifier: #VU63959
Vulnerability risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-250
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
In Vitro Diagnostic NextSeq 550Dx (Hardware solutions / Other hardware appliances)
In Vitro Diagnostic MiSeq Dx (Hardware solutions / Other hardware appliances)
NextSeq 500 Instrument (Hardware solutions / Other hardware appliances)
NextSeq 550 Instrument (Hardware solutions / Other hardware appliances)
MiSeq Instrument (Hardware solutions / Other hardware appliances)
iSeq 100 Instrument (Hardware solutions / Other hardware appliances)
MiniSeq Instrument (Hardware solutions / Other hardware appliances)
Local Run Manager (LRM) (Other software / Other software solutions)
Vendor: Illumina
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the application binary has the setuid bit set. A remote attacker can run the affected binary and execute arbitrary code on the system with root privileges.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
In Vitro Diagnostic NextSeq 550Dx: All versions
In Vitro Diagnostic MiSeq Dx: All versions
NextSeq 500 Instrument: All versions
NextSeq 550 Instrument: All versions
MiSeq Instrument: All versions
iSeq 100 Instrument: All versions
MiniSeq Instrument: All versions
Local Run Manager (LRM): 1.3 - 3.1
External links
http://ics-cert.us-cert.gov/advisories/icsa-22-153-02
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.