Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1739 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-10-26 | 7.2 HIGH | 6.8 MEDIUM |
The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media. | |||||
CVE-2022-1740 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 2.1 LOW | 4.6 MEDIUM |
The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device. | |||||
CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 7.2 HIGH | 6.8 MEDIUM |
The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | |||||
CVE-2022-1742 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 7.2 HIGH | 6.8 MEDIUM |
The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code. | |||||
CVE-2022-1743 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 7.2 HIGH | 6.8 MEDIUM |
The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS. | |||||
CVE-2022-1744 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 7.2 HIGH | 6.8 MEDIUM |
Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code. | |||||
CVE-2022-1745 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 7.2 HIGH | 6.8 MEDIUM |
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions. | |||||
CVE-2022-1746 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 7.2 HIGH | 7.6 HIGH |
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment. | |||||
CVE-2022-1747 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 2.1 LOW | 4.6 MEDIUM |
The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization. |