CVE-2022-1739

Published: Jun 24, 2022Modified: Apr 17, 2025

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.

Affected (3)

Products: Dominionvoting: Imagecast X

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dominionvoting Imagecast X	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dominionvoting Imagecast X	Version 5.5.10.30
Dominionvoting Imagecast X	Version 5.5.10.32

Running on/with	Platform Versions
Dominionvoting Democracy Suite	Version 5.5-a

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.