CVE-2023-1966 Report - Details, Severity, & Advisories

Twingate Team

Apr 4, 2024

CVE-2023-1966 is a critical vulnerability affecting instruments that run Illumina Universal Copy Service v1.x and v2.x. This execution-with-unnecessary-privileges vulnerability allows an unauthenticated malicious actor to upload and execute code remotely at the operating system level, potentially changing settings, configurations, or software, or accessing sensitive data on the affected product. The systems impacted include various configurations of Illumina's iScan, iSeq 100, MiniSeq, MiSeq, MiSeqDX, NextSeq 500, NextSeq 550, NextSeq 550DX, NextSeq 1000, NextSeq 2000, and NovaSeq 6000 firmware.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, check whether you're using Illumina Universal Copy Service v1.x or v2.x on any of the following instruments: iScan Firmware versions 4.0.0 and 4.0.5; iSeq 100 Firmware; MiniSeq Firmware versions from 2.0; MiSeq Firmware versions from 4.0; MiSeqDX Firmware versions 4.0 and from 4.0.1; NextSeq 1000 Firmware version 1.4.1; NextSeq 2000 Firmware version 1.4.1; NextSeq 500 Firmware version 4.0; NextSeq 550 Firmware version 4.0; NextSeq 550DX Firmware versions from 1.0.0 up to 1.3.1, from 1.3.3, and version 4.0; and NovaSeq 6000 Firmware versions up to 1.7 and version 1.8. If your instrument and its software version match any of these, you are affected by this vulnerability.
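The check above can be run across an instrument inventory. The following is an added example, not code from Illumina or from this report: it encodes the version ranges listed above, assumes the "from" and "up to" bounds are inclusive, and uses a constructed inventory with hypothetical host names.

```python
# Added example: affected-version check for CVE-2023-1966, built from the
# ranges listed on this page. Bounds are treated as inclusive (assumption).

def ver(s):
    """'1.3.1' -> (1, 3, 1); padded to three parts so 4.0 equals 4.0.0."""
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def exact(v): return (ver(v), ver(v))
def frm(v):   return (ver(v), None)      # open-ended upper bound
def upto(v):  return (None, ver(v))      # open-ended lower bound
ANY = (None, None)                       # page gives no version restriction

AFFECTED = {
    "iScan":         [exact("4.0.0"), exact("4.0.5")],
    "iSeq 100":      [ANY],
    "MiniSeq":       [frm("2.0")],
    "MiSeq":         [frm("4.0")],
    "MiSeqDX":       [exact("4.0"), frm("4.0.1")],
    "NextSeq 1000":  [exact("1.4.1")],
    "NextSeq 2000":  [exact("1.4.1")],
    "NextSeq 500":   [exact("4.0")],
    "NextSeq 550":   [exact("4.0")],
    "NextSeq 550DX": [(ver("1.0.0"), ver("1.3.1")), frm("1.3.3"), exact("4.0")],
    "NovaSeq 6000":  [upto("1.7"), exact("1.8")],
}

def is_affected(model, firmware, ucs_version):
    # The issue is scoped to Universal Copy Service v1.x and v2.x;
    # ucs_version=None means the service was not found on the host.
    if ucs_version is None or ucs_version.split(".")[0] not in ("1", "2"):
        return False
    v = ver(firmware)
    return any((lo is None or v >= lo) and (hi is None or v <= hi)
               for lo, hi in AFFECTED.get(model, []))

def triage(inventory):
    """Return the hosts that need the vendor remediation steps."""
    return [r["host"] for r in inventory
            if is_affected(r["model"], r["firmware"], r["ucs"])]

# Constructed sample inventory (hypothetical hosts and values).
INVENTORY = [
    {"host": "seq-lab-01", "model": "NextSeq 550DX", "firmware": "1.3.2", "ucs": "2.1"},
    {"host": "seq-lab-02", "model": "NextSeq 550DX", "firmware": "1.3.1", "ucs": "2.1"},
    {"host": "seq-lab-03", "model": "iScan",         "firmware": "4.0.3", "ucs": "1.0"},
    {"host": "seq-lab-04", "model": "iSeq 100",      "firmware": "2.0",   "ucs": "2.0"},
    {"host": "seq-lab-05", "model": "NovaSeq 6000",  "firmware": "1.8",   "ucs": None},
]

if __name__ == "__main__":
    print(triage(INVENTORY))
```

Treat a "not affected" result as provisional and confirm borderline versions against the vendor advisory, since the inclusive-bound reading is an assumption.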

What should I do if I'm affected?

If you're affected by the vulnerability, follow these steps. First, identify the specific actions required for your instrument and software version. Download and follow the relevant instruction guide. Watch the demonstration video for additional guidance. Contact Illumina Technical Support if necessary. Minimize network exposure, isolate control systems, and use secure remote access methods like VPNs to further protect your system.

Is CVE-2023-1966 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1966 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability affects instruments with Illumina Universal Copy Service v1.x and v2.x and allows an attacker to take any action at the operating system level. It was published on April 28, 2023, but no due date or specific required action is provided on the NVD page. To mitigate the vulnerability, users should follow the instructions provided by Illumina and CISA, such as minimizing network exposure and using secure remote access methods.

Weakness enumeration

This vulnerability is classified under CWE-269 and CWE-250, which highlight two main issues: improper privilege management and execution with unnecessary privileges. This could allow an attacker to take any action at the operating system level.

For more details

CVE-2023-1966 is a critical vulnerability affecting Illumina Universal Copy Service, with potential consequences including unauthorized access and control over affected systems. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
