cnvd - cnvd-2022-64998

CNVD-2022-64998

Vulnerability from cnvd - Published: 2022-09-22

Title

Illumina Local Run Manager代码注入漏洞

Description

Illumina Local Run Manager是美国Illumina公司的一种集成解决方案。旨在创建测序运行、监控运行状态、分析测序数据和查看结果。 Illumina Local Run Manager存在代码注入漏洞，攻击者可利用该漏洞在操作系统级别远程上传和执行代码。

Severity

高

Patch Name

Illumina Local Run Manager代码注入漏洞的补丁

Patch Description

Illumina Local Run Manager是美国Illumina公司的一种集成解决方案。旨在创建测序运行、监控运行状态、分析测序数据和查看结果。 Illumina Local Run Manager存在代码注入漏洞，攻击者可利用该漏洞在操作系统级别远程上传和执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.illumina.com/downloads/illumina-local-run-manager-1.0.html

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02

Impacted products

Name
Illumina Local Run Manager (LRM) >=1.3，<=3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-1517"
    }
  },
  "description": "Illumina Local Run Manager\u662f\u7f8e\u56fdIllumina\u516c\u53f8\u7684\u4e00\u79cd\u96c6\u6210\u89e3\u51b3\u65b9\u6848\u3002\u65e8\u5728\u521b\u5efa\u6d4b\u5e8f\u8fd0\u884c\u3001\u76d1\u63a7\u8fd0\u884c\u72b6\u6001\u3001\u5206\u6790\u6d4b\u5e8f\u6570\u636e\u548c\u67e5\u770b\u7ed3\u679c\u3002\n\nIllumina Local Run Manager\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u64cd\u4f5c\u7cfb\u7edf\u7ea7\u522b\u8fdc\u7a0b\u4e0a\u4f20\u548c\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.illumina.com/downloads/illumina-local-run-manager-1.0.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-64998",
  "openTime": "2022-09-22",
  "patchDescription": "Illumina Local Run Manager\u662f\u7f8e\u56fdIllumina\u516c\u53f8\u7684\u4e00\u79cd\u96c6\u6210\u89e3\u51b3\u65b9\u6848\u3002\u65e8\u5728\u521b\u5efa\u6d4b\u5e8f\u8fd0\u884c\u3001\u76d1\u63a7\u8fd0\u884c\u72b6\u6001\u3001\u5206\u6790\u6d4b\u5e8f\u6570\u636e\u548c\u67e5\u770b\u7ed3\u679c\u3002\r\n\r\nIllumina Local Run Manager\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u64cd\u4f5c\u7cfb\u7edf\u7ea7\u522b\u8fdc\u7a0b\u4e0a\u4f20\u548c\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Illumina Local Run Manager\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Illumina Local Run Manager (LRM) \u003e=1.3\uff0c\u003c=3.1"
  },
  "referenceLink": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
  "serverity": "\u9ad8",
  "submitTime": "2022-06-05",
  "title": "Illumina Local Run Manager\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2022-1517 (GCVE-0-2022-1517)

Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17

Title

3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

Summary

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-250 - cwe-250

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:02.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1517",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:32.128012Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:17:11.157Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "cwe-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:12.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1517",
          "STATE": "PUBLIC",
          "TITLE": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "cwe-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1517",
    "datePublished": "2022-06-24T15:00:12.934Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:17:11.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-64998

CVE-2022-1517 (GCVE-0-2022-1517)

Tags

Sightings

Nomenclature