CVE-2022-1517
Published 2022-06-24
Priority P262 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.63% (73.3th percentile)
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| illumina | iseq_100_instrument | — | — |
| illumina | local_run_manager | 1.3 – 3.1 | — |
| illumina | miniseq_instrument | — | — |
| illumina | miseq_dx | — | — |
| illumina | miseq_instrument | — | — |
| illumina | nextseq_500_instrument | — | — |
| illumina | nextseq_550_instrument | — | — |
| illumina | nextseq_550dx | — | — |
Detection & IOCs
hash: 52b5cfdc462b10011027e94f184c2f0da25b0b1363fddb7fa5793938d11f976259a7f73e77c2fd157f560439ec3df70446aa561b586dc8ef94db2ed95fcce841
- Monitor for unauthenticated remote file upload attempts to the LRM service, particularly uploads of executable file types (e.g., .exe, .msi, .dll, .sh) which may indicate exploitation of CVE-2022-1519 (unrestricted file upload) chained with CVE-2022-1517 (execution with unnecessary privileges).
- Detect path traversal sequences in HTTP requests targeting the LRM upload endpoint, indicative of CVE-2022-1518 exploitation to write files outside the intended directory.
- Alert on any unauthenticated access to LRM APIs, especially from external/internet-facing sources; LRM implements no authentication or authorization by default, making all API endpoints reachable without credentials.
- For LRM version 2.4 and lower, monitor for cleartext (non-TLS) credential transmission on the network; MITM interception of LRM traffic on these versions may expose credentials in plaintext.
- The patch hashes provided (SHA-512, SHA-256, SHA-1, MD5) are for the LEGITIMATE patch file (LocalRunManagerSecurityPatch.msi) and should be used to VERIFY patch integrity, not as malicious IOCs. Do not block these hashes.
- No known public exploits specifically target these vulnerabilities at time of advisory publication; detections should focus on behavioral/anomaly indicators rather than known exploit signatures.
- CVE-2022-1517 (CVSS 10.0, AV:N/AC:L/PR:N/UI:N/S:C) is network-exploitable with no authentication required and no user interaction; treat any internet-exposed LRM instance as critically at risk.
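CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 5.5 | MEDIUM | — |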
CISA ICS
Illumina Local Run Manager (Update A)
cisa_ics·2022-06-22
ICS Advisory
## Illumina Local Run Manager (Update A)
Last Revised: August 23, 2022
Alert Code: ICSA-22-153-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Illumina
- Equipment: Local Run Manager (LRM)
- Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Cleartext Transmission of Sensitive Information
## 2. UPDATED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-153-02 Illumina Local Run Manager that was published June 22, 2022, on the IC
GHSA
GHSA-xwwx-p8gv-wf69: LRM utilizes elevated privileges
ghsa_unreviewed·2022-06-25
CVE-2022-1517 [CRITICAL] CWE-94 GHSA-xwwx-p8gv-wf69: LRM utilizes elevated privileges
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices
blogs_talos·2022-09-22·CVSS 9.8
CVE-2022-29503 [CRITICAL] Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices
Lilith >_> of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered a memory corruption vulnerability in the uClibC library that could affect any Unix-based devices that use this library. uClibC and uClibC-ng are lightweight replacements for the popular gLibc library, which is the GNU Project's implementation of the C standard library.
TALOS-2022-1517 (CVE-2022-29503 - CVE-2022-29504) is a memory corruption vulnerability in uClibC and uClibc-ng that can occur if a malicious user repeatedly creates threads.
Many embedded devices utilize this library, but Talos specifically confirmed that the Anker Eufy Homebase 2, version 2.1.8.8h, is affected by this vulnerability. Anker confirmed that they’ve patched for this issue. However, uClibC has not issued an official fix