The two vulnerabilities, CVE-2023-1968 and CVE-2023-1966, are a 10/10 critical vulnerability that enables hackers to listen to all network traffic, potentially finding more vulnerable hosts on the network, and a 7.4/10 high-severity vulnerability that enables users to run commands with elevated privileges, respectively. Illumina has sent notifications to affected customers instructing them to check their instruments and medical devices for potential exploitation of the vulnerability. The vulnerabilities impact multiple Illumina products, and the mitigation measures vary depending on the software in question. Illumina recommends updating system software, configuring UCS account credentials, and closing specific firewall ports that may be abused.
