CVE-2022-48506

CVSS 3.1 Score 2.4 of 10 (low)

Attack Complexity low
Confidentiality low
Integrity none
Availability none
Scope unchanged
Privileges Required none

Details

Published Jun 19, 2023
Updated: Jan 2, 2025
CWE ID 338

Summary

CVE-2022-48506 is a vulnerability affecting Dominion Voting Systems' ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners. The flawed pseudorandom number generator in these systems enables an attacker to discern the order in which ballots were cast from publicly available ballot-level data. This deanonymization of voted ballots poses a significant risk to voter privacy in various scenarios. The affected versions of Democracy Suite include 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, and 5.15. A mention of an improved pseudo random number algorithm in Democracy Suite 5.17 EAC Certificate of Conformance might suggest a potential resolution.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Democracy Suite

Affected Vendors

  • Dominion Voting Systems Corporation