← back
CVE-2022-1518

3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22

CVSS 10 CRITICALEPSS 1.5%CWE-22
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
24 Jun 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Illumina · iSeq 100 InstrumentIllumina · MiniSeq InstrumentIllumina · MiSeq DxIllumina · MiSeq InstrumentIllumina · NextSeq 500 InstrumentIllumina · NextSeq 550DxIllumina · NextSeq 550 Instrument

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02