CVE-2022-1519
Published: 2022-06-24
Priority: P260, critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.26% (65.9th percentile)
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| illumina | iseq_100_instrument | — | — |
| illumina | local_run_manager | 1.3 – 3.1 | — |
| illumina | miniseq_instrument | — | — |
| illumina | miseq_dx | — | — |
| illumina | miseq_instrument | — | — |
| illumina | nextseq_500_instrument | — | — |
| illumina | nextseq_550_instrument | — | — |
| illumina | nextseq_550dx | — | — |
Detection & IOCs
hash: 52b5cfdc462b10011027e94f184c2f0da25b0b1363fddb7fa5793938d11f976259a7f73e77c2fd157f560439ec3df70446aa561b586dc8ef94db2ed95fcce841
- CVE-2022-1519 is an unrestricted file upload vulnerability in Illumina LRM. Monitor for unauthenticated HTTP file upload requests to the LRM web interface that include executable file types (e.g., .exe, .msi, .dll, .sh, .ps1). Any non-data file upload to LRM should be treated as suspicious.
- CVE-2022-1519 is chained with CVE-2022-1517 (execution with elevated/unnecessary privileges) and CVE-2022-1518 (path traversal). Detections should also look for directory traversal sequences (e.g., '../') in upload paths to LRM endpoints, as uploaded executables may be placed outside the intended directory.
- LRM does not implement authentication or authorization by default, meaning exploit attempts against CVE-2022-1519 require no credentials. Alert on any unauthenticated file upload activity to LRM endpoints.
- The patch hashes provided (SHA-512, SHA-256, SHA-1, MD5) are for the LEGITIMATE Illumina security patch file (LocalRunManagerSecurityPatch.msi), not for malware. Use these hashes to verify patch integrity, not as malicious IOCs.
- No known public exploits specifically targeting CVE-2022-1519 were identified at the time of advisory publication, limiting the availability of concrete attacker-specific IOCs.
- LRM version 2.4 and lower transmits data (including credentials) in cleartext without TLS, meaning network-based detections on encrypted traffic will not apply to these older versions.
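The three signals in the notes above (executable file types, traversal sequences in upload paths, uploads without credentials) combined into one check, as an added example that is not from the advisory or from Illumina. It assumes upload requests have already been parsed into JSON records by a proxy or WAF in front of LRM; the field names, the placeholder paths and the sample records are constructed.

```python
import json
import re
from urllib.parse import unquote

# Extensions the notes above list as examples of executable uploads.
EXECUTABLE_EXTS = {".exe", ".msi", ".dll", ".sh", ".ps1"}
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def fully_decode(value, rounds=3):
    """Undo nested URL-encoding before matching, so encoded dots and slashes are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(record):
    """Return the sorted list of findings for one parsed request record."""
    if record.get("method") not in ("POST", "PUT") or not record.get("filename"):
        return []
    findings = set()
    name = fully_decode(record["filename"])
    # Windows ignores trailing dots and spaces, so "a.exe. " is still treated as .exe.
    base = re.split(r"[\\/]", name)[-1].rstrip(". ").lower()
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    if ext in EXECUTABLE_EXTS:
        findings.add("executable-upload")
    if TRAVERSAL.search(name) or TRAVERSAL.search(fully_decode(record.get("path") or "")):
        findings.add("path-traversal")
    if not record.get("user"):
        findings.add("unauthenticated-upload")
    return sorted(findings)

# Constructed sample records (not real LRM logs); field names and paths are assumed.
SAMPLE_LOG = """\
{"method": "POST", "path": "/upload-placeholder", "filename": "run_42.csv", "user": "labtech"}
{"method": "POST", "path": "/upload-placeholder", "filename": "Report.csv.EXE", "user": null}
{"method": "POST", "path": "/upload-placeholder", "filename": "%252e%252e%255cweb%255ctool.ps1", "user": null}
{"method": "GET", "path": "/status-placeholder", "filename": null, "user": null}
"""

def scan(log_text):
    """Return (line_number, findings) for every record with at least one finding."""
    hits = [(n, classify(json.loads(l))) for n, l in enumerate(log_text.splitlines(), 1)]
    return [(n, f) for n, f in hits if f]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```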
CVSS provenance
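| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |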
GHSA
GHSA-4pg3-x42q-599h: LRM does not restrict the types of files that can be uploaded to the affected product
ghsa_unreviewed·2022-06-25
CVE-2022-1519 [CRITICAL] CWE-434 GHSA-4pg3-x42q-599h: LRM does not restrict the types of files that can be uploaded to the affected product
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
CISA ICS
Illumina Local Run Manager (Update A)
cisa_ics·2022-06-22
ICS Advisory
Last Revised: August 23, 2022
Alert Code: ICSA-22-153-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Illumina
- Equipment: Local Run Manager (LRM)
- Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Cleartext Transmission of Sensitive Information
## 2. UPDATED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-153-02 Illumina Local Run Manager that was published June 22, 2022, on the IC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.