MidnightBSD

Advisories for dominionvoting

CVE-2022-1739 HIGH

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-1740 LOW

The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-1283, NVD-CWE-Other

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-1741 HIGH

The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-912, NVD-CWE-Other

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-1742 HIGH

The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-424

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-1743 HIGH

The tested version of Dominion Voting Systems ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-24

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-1744 HIGH

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-250

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-1745 HIGH

The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-290

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-1746 HIGH

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-266, CWE-863

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-1747 LOW

The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-346

Products Affected

Vendor Product Version
dominionvoting imagecast_x 5.5.10.30
dominionvoting imagecast_x 5.5.10.32
dominionvoting imagecast_x *

CVE-2022-48506

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.

Products Affected

Vendor Product Version
dominionvoting democracy_suite 5.5-c
dominionvoting democracy_suite 5.5-d
dominionvoting democracy_suite 5.15
dominionvoting democracy_suite 5.5
dominionvoting democracy_suite 5.5-a
dominionvoting democracy_suite 5.10
dominionvoting democracy_suite 5.10a
dominionvoting democracy_suite 5.7-a
dominionvoting democracy_suite 5.4-nm
dominionvoting democracy_suite 5.2
dominionvoting democracy_suite 5.5-b