CVE-2023-1968 Vulnerability Details

  /     /     /  

CVE-2023-1968 Metadata Quick Info

CVE Published: 28/04/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: icscert | Vendor: Illumina | Product: iScan Control Software
Status : PUBLISHED

---

CVE-2023-1968 Description

Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.

Metrics

CVSS Version: 3.1 | Base Score: 10 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-1327
CWE Name: CWE-1327 Binding to an Unrestricted IP Address
Source: Illumina

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).