// For flags

CVE-2022-48506

 

Severity Score

2.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.

*Credits: N/A
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-06-19 CVE Reserved
  • 2023-06-19 CVE Published
  • 2024-07-21 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.2
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.2"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.4-nm
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.4-nm"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-a"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-b
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-b"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-c
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-c"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.5-d
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.5-d"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.7-a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.7-a"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.10
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.10"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.10a
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.10a"
-
Affected
Dominionvoting
Search vendor "Dominionvoting"
 Democracy Suite
Search vendor "Dominionvoting" for product "Democracy Suite"
 5.15
Search vendor "Dominionvoting" for product "Democracy Suite" and version "5.15"
-
Affected