CVE-2022-1519

Published: Jun 24, 2022Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.

Affected (1)

Products: Illumina: Local Run Manager

Illumina

1 product

Local Run Manager

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Illumina Local Run Manager	From 1.3 to 3.1

Running on/with	Platform Versions
Illumina Iseq 100	All versions
Illumina Miniseq	All versions
Illumina Miseq	All versions
Illumina Miseq Dx	All versions
Illumina Nextseq 500	All versions
Illumina Nextseq 550	All versions
Illumina Nextseq 550dx	All versions

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.