CVE-2023-1966

critical

Description

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.

References

Advisories

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01

https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html

Details

Source: Mitre, NVD

Published: 2023-04-28

Updated: 2023-05-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00191