CVE-2022-1517
Last modified
CVE-2022-1517 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. EPSS estimates a 1.63% chance of exploitation in the next 30 days.
Description
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Illumina | Local Run Manager | >= 1.3, <= 3.1 |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02Third Party Advisory, US Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-1517?
How severe is CVE-2022-1517?
How do I fix CVE-2022-1517?
Are you affected by CVE-2022-1517?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST