// For flags

CVE-2022-1746

2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266

Severity Score

7.6
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.

El mecanismo de autenticación usado por los trabajadores electorales para administrar la votación usando la versión probada de Dominion Voting Systems ImageCast X puede exponer secretos criptográficos usados para proteger la información electoral. Un atacante podría aprovechar esta vulnerabilidad para obtener acceso a información confidencial y llevar a cabo acciones privilegiadas, afectando potencialmente a otros equipos electorales

*Credits: N/A
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-05-16 CVE Reserved
  • 2022-06-24 CVE Published
  • 2024-01-15 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-266: Incorrect Privilege Assignment
  • CWE-863: Incorrect Authorization
CAPEC
References (1)
URL Tag Source
https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 Mitigation
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dominionvoting
Search vendor "Dominionvoting"
 Imagecast X
Search vendor "Dominionvoting" for product "Imagecast X"
*-
Affected
in Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-a"
-
Safe
Dominionvoting
Search vendor "Dominionvoting"
 Imagecast X
Search vendor "Dominionvoting" for product "Imagecast X"
 5.5.10.30
Search vendor "Dominionvoting" for product "Imagecast X" and version "5.5.10.30"
-
Affected
in Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-a"
-
Safe
Dominionvoting
Search vendor "Dominionvoting"
 Imagecast X
Search vendor "Dominionvoting" for product "Imagecast X"
 5.5.10.32
Search vendor "Dominionvoting" for product "Imagecast X" and version "5.5.10.32"
-
Affected
in Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-a"
-
Safe