// For flags

CVE-2022-1739

2.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347

Severity Score

6.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.

La versión probada de Dominion Voting Systems ImageCast X no comprueba las firmas de las aplicaciones con un certificado root confiable. El uso de un certificado root confiable garantiza que el software instalado en un dispositivo sea rastreable o verificable con respecto a una clave criptográfica proporcionada por el fabricante para detectar manipulaciones. Un atacante podría aprovechar esta vulnerabilidad para instalar código malicioso, que también podría propagarse a otros dispositivos ImageCast X vulnerables por medio de soportes extraíbles

*Credits: N/A
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-05-16 CVE Reserved
  • 2022-06-24 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (1)
URL Tag Source
https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 Mitigation
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dominionvoting
Search vendor "Dominionvoting"
 Imagecast X
Search vendor "Dominionvoting" for product "Imagecast X"
*-
Affected
in Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-a"
-
Safe
Dominionvoting
Search vendor "Dominionvoting"
 Imagecast X
Search vendor "Dominionvoting" for product "Imagecast X"
 5.5.10.30
Search vendor "Dominionvoting" for product "Imagecast X" and version "5.5.10.30"
-
Affected
in Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-a"
-
Safe
Dominionvoting
Search vendor "Dominionvoting"
 Imagecast X
Search vendor "Dominionvoting" for product "Imagecast X"
 5.5.10.32
Search vendor "Dominionvoting" for product "Imagecast X" and version "5.5.10.32"
-
Affected
in Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-a"
-
Safe