CVE-2022-1517 CRITICAL

CVE-2022-1517: 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

Vendor Illumina
Product NextSeq 550Dx
Weakness CWE-250
Published June 24, 2022
Last update April 16, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

Key dates

02Disclosure timeline

June 24, 2022 CVE published
April 16, 2025 Record updated