CVE-2022-1739

Summary

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.

Affected Software

VendorProductVersion RangeStatus
Dominion Voting SystemsImageCast X firmwareVersion 5.5-Aaffected
Dominion Voting SystemsImageCast X applicationVersions 5.5.10.30 and 5.5.10.32affected

Weaknesses

  • CWE-347: CWE-347 Improper Verification of Cryptographic Signature

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References