CVE-2022-1746

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.

CVSS v3 7.6 HIGH
CVSS v2.0 7.2 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 0.9 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dominionvoting:imagecast_x:*:*:*:*:*:*:*:*

cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.30:::::::*
	cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.32:::::::*

cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*

History

24 Jul 2023, 13:17

Type	Values Removed	Values Added
CWE	~~CWE-269~~	CWE-863

Information

Published : 2022-06-24 15:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-1746

Mitre link : CVE-2022-1746

CVE.ORG link : CVE-2022-1746

JSON object : View

Products Affected

dominionvoting

democracy_suite
imagecast_x

CWE

CWE-863

Incorrect Authorization

CWE-266

Incorrect Privilege Assignment

{"id": "CVE-2022-1746", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.9}]}, "published": "2022-06-24T15:15:10.037", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment."}, {"lang": "es", "value": "El mecanismo de autenticaci\u00f3n usado por los trabajadores electorales para administrar la votaci\u00f3n usando la versi\u00f3n probada de Dominion Voting Systems ImageCast X puede exponer secretos criptogr\u00e1ficos usados para proteger la informaci\u00f3n electoral. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener acceso a informaci\u00f3n confidencial y llevar a cabo acciones privilegiadas, afectando potencialmente a otros equipos electorales"}], "lastModified": "2023-07-24T13:17:11.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dominionvoting:imagecast_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36AF91D2-BA55-4090-8629-C962EF5C7D68"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7EF6FA8A-7FEE-473C-BB74-D5DC7A9FE24A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8207CE21-4D63-492C-973C-E9045EAB1082"}, {"criteria": "cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D398E91-1F02-46E7-B87B-8FA0821F63BC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7EF6FA8A-7FEE-473C-BB74-D5DC7A9FE24A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}