Oxford Nanopore Technologies MinKNOW

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and manipulate data, and bypass authentication controls.

CVEs (3)

Remediations

• Oxford Nanopore Technologies recommends users upgrade to MinKNOW Versions later than 24.11 to eliminate these vulnerabilities.
• If users are unable to upgrade to v24.11 to reduce risk from the remaining Authentication Token and Token Lock vulnerabilities, Oxford Nanopore advises the following additional measures for users on version 24.06:
• Remote Connect: Keep Remote Connect disabled in MinKNOW unless strictly required, and enable it only within trusted network environments.
• Endpoint Protection: Install and maintain antivirus and malware scanning tools to mitigate denial-of-service (DoS) conditions arising from local exploitation or malware.
• Users running older versions of MinKNOW who cannot upgrade immediately should contact Oxford Nanopore Support for guidance on securing their configurations. Downloading the release requires users to be logged into the Nanopore Community.

Affected Vendors

Affected Products (2)

Affected Sectors

Healthcare and Public Health