CVE-2022-1746

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.

CVSS v3.0 7.6 HIGH
CVSS v2.0 7.2 HIGH

7.6^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 0.9 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01	Mitigation Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dominionvoting:imagecast_x:*:*:*:*:*:*:*:*

cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.30:::::::*
	cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.32:::::::*

cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*

History

17 Apr 2025, 19:15

Type	Values Removed	Values Added
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 - Mitigation, Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 - Mitigation, Third Party Advisory, US Government Resource

24 Jul 2023, 13:17

Type	Values Removed	Values Added
CWE	~~CWE-269~~	CWE-863

Information

Published : 2022-06-24 15:15

Updated : 2025-04-17 19:15

NVD link : CVE-2022-1746

Mitre link : CVE-2022-1746

JSON object : View

Products Affected

dominionvoting

democracy_suite
imagecast_x

CWE

CWE-863

Incorrect Authorization

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "refsource": ""}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-863"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-1746", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.9}}, "publishedDate": "2022-06-24T15:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dominionvoting:imagecast_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-17T19:15Z"}