PT-2023-2562 · Illumina · Illumina Universal Copy Service

Published: 2023-04-27 · Updated: 2023-05-09 · CVE-2023-1966

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Illumina Universal Copy Service versions v1.x through v2.x

Description

The issue is related to unnecessary privileges in the Illumina Universal Copy Service, which could allow an unauthenticated malicious actor to upload and execute code remotely at the operating system level. This could enable an attacker to change settings, configurations, software, or access sensitive data on the affected product. The vulnerability is also associated with errors in managing privileges, potentially allowing a remote attacker to disclose protected information and upload or execute code with elevated privileges.

Recommendations

For Illumina Universal Copy Service versions v1.x through v2.x, consider disabling remote code execution capabilities until a patch is available. Restrict access to sensitive data and configurations to minimize the risk of exploitation. Avoid using the service for uploading or executing code from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2023-02377
CVE-2023-1966

Affected Products

Illumina Universal Copy Service