See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2022-48506

CVSS 3.1 Score 2.4 of 10 (low)

Attack Complexity low

Confidentiality low

Integrity none

Availability none

Scope unchanged

Privileges Required none

Details

Published Jun 19, 2023

Updated: Jan 2, 2025

CWE ID 338

Summary

CVE-2022-48506 is a vulnerability affecting Dominion Voting Systems' ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners. The flawed pseudorandom number generator in these systems enables an attacker to discern the order in which ballots were cast from publicly available ballot-level data. This deanonymization of voted ballots poses a significant risk to voter privacy in various scenarios. The affected versions of Democracy Suite include 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, and 5.15. A mention of an improved pseudo random number algorithm in Democracy Suite 5.17 EAC Certificate of Conformance might suggest a potential resolution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Democracy Suite

Affected Vendors

Dominion Voting Systems Corporation

Advisories, Assessments, and Mitigations

Back to Vulnerability Database