Lucene search

IcscertCVELIST:CVE-2022-1746

HistoryJun 24, 2022 - 3:00 p.m.

CVE-2022-1746 2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266

2022-06-2415:00:21

CWE-266

icscert

www.cve.org

cve-2022-1746

incorrect privilege assignment

cwe-266

authentication mechanism

poll workers

cryptographic secrets

election information

attacker

sensitive information

privileged actions

election equipment

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

34.2%

JSON

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.

CNA Affected

[
  {
    "product": "ImageCast X application",
    "vendor": "Dominion Voting Systems",
    "versions": [
      {
        "status": "affected",
        "version": "Version 5.5-A Versions 5.5.10.30 and 5.5.10.32"
      }
    ]
  },
  {
    "product": "ImageCast X firmware",
    "vendor": "Dominion Voting Systems",
    "versions": [
      {
        "status": "affected",
        "version": "Version 5.5-A"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-154-01