CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1745 – 2.2.7 AUTHENTICATION BYPASS BY SPOOFING CWE-290
https://notcve.org/view.php?id=CVE-2022-1745
24 Jun 2022 — The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions. El mecanismo de autenticación usado por los técnicos en la versión probada de Dominion Voting Systems ImageCast X es susceptible de ser falsificado. Un atacante con acceso físico puede usar esto para obtener pri... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1740 – 2.2.2 MUTABLE ATTESTATION OR MEASUREMENT REPORTING DATA CWE-1283
https://notcve.org/view.php?id=CVE-2022-1740
24 Jun 2022 — The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device. La versión probada de Dominion Voting Systems ImageCast X cuenta con la función de visualización de hash de aplicaciones en pantalla, la exportación de registros de auditoría y la funcionalidad application export, que son ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-1283: Mutable Attestation or Measurement Reporting Data •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1742 – 2.2.4 IMPROPER PROTECTION OF ALTERNATE PATH CWE-424
https://notcve.org/view.php?id=CVE-2022-1742
24 Jun 2022 — The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code. La versión probada de Dominion Voting Systems ImageCast X permite reiniciar en el modo seguro de Android, lo que permite a un atacante acceder directamente al sistema operativo. Un atacante podría aprovechar esta vulnerabilidad par... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-424: Improper Protection of Alternate Path •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1743 – 2.2.5 PATH TRAVERSAL: '../FILEDIR' CWE-24
https://notcve.org/view.php?id=CVE-2022-1743
24 Jun 2022 — The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS. La versión probada de Dominion Voting System ImageCast X puede ser manipulada para causar la ejecución de código arbitrario mediante archivos de definición electoral especialmente diseñados. Un atacante podría aprovechar esta vulnerabilidad para ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-24: Path Traversal: '../filedir' •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1741 – 2.2.3 HIDDEN FUNCTIONALITY CWE-912
https://notcve.org/view.php?id=CVE-2022-1741
24 Jun 2022 — The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. La versión probada de Dominion Voting Systems ImageCast X presenta una aplicación de emulador de terminal que podría ser aprovechada por un atacante para obtener altos privilegios en un dispositivo y/o instalar código malicioso • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-912: Hidden Functionality •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1744 – 2.2.6 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
https://notcve.org/view.php?id=CVE-2022-1744
24 Jun 2022 — Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code. Las aplicaciones en la versión probada de Dominion Voting Systems ImageCast X pueden ejecutar código con privilegios elevados explotando un servicio a nivel de sistema. Un atacante podría aprovechar esta vulnerabilidad para escalar privilegios en... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1747
https://notcve.org/view.php?id=CVE-2022-1747
24 Jun 2022 — The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization. El mecanismo de autenticación usado por los votantes para activar una sesión de votación en la versión probada de Dominion Voting Systems ImageCast X es susceptible de ser falsificado. Un atacante podría aprovechar esta vulnerabilidad para im... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-346: Origin Validation Error •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1739 – 2.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347
https://notcve.org/view.php?id=CVE-2022-1739
24 Jun 2022 — The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media. La versión probada de Dominion Voting ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1746 – 2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266
https://notcve.org/view.php?id=CVE-2022-1746
24 Jun 2022 — The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment. El mecanismo de autenticación usado por los trabajadores electorales para administrar la votación usando la versión probada de Dominion Voti... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-266: Incorrect Privilege Assignment CWE-863: Incorrect Authorization •