CVE-2022-1746
7.6
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 6.0
Source: NVD
Description
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.
Affected (3)
Products: Dominionvoting: Imagecast X
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5.5.10.30 |
| Running on/with | Platform Versions |
|---|---|
Dominionvoting Democracy Suite | Version 5.5-a |
Related CWEs
CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References (2)
Source: ics-cert@hq.dhs.gov
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource
Timeline
No history available yet.