CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices
The U.S. Cybersecurity and Infrastructure Security Agency and Food and Drug Administration have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing software.
The issues impact software in medical devices used for "clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only," according to the FDA.
"Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA said in an alert. "An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network."
- CVE-2022-1517: A remote code execution vulnerability at the operating system level that could allow an attacker to tamper with settings and access sensitive data or APIs.
- CVE-2022-1518: A directory traversal vulnerability that could allow an attacker to upload malicious files to arbitrary locations.
- CVE-2022-1524: A lack of TLS encryption for LRM versions 2.4 and lower that could be abused by an attacker to stage a man-in-the-middle attack and access credentials.
News URL
https://thehackernews.com/2022/06/cisa-warned-about-critical.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-24 | CVE-2022-1524 | Cleartext Transmission of Sensitive Information vulnerability in Illumina Local Run Manager 1.3/2.0/3.1: LRM version 2.4 and lower does not implement TLS encryption. | 4.3 |
2022-06-24 | CVE-2022-1518 | Path Traversal vulnerability in Illumina Local Run Manager 1.3/2.0/3.1: LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | 7.5 |
2022-06-24 | CVE-2022-1517 | Improper Privilege Management vulnerability in Illumina Local Run Manager 1.3/2.0/3.1: LRM utilizes elevated privileges. | 9.8 |