← back
CVE-2022-48506

CVE-2022-48506

CVSS 2.4 LOWEPSS 0.4%CWE-338
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.4EPSS 0.4%KEV nãoPoC Patch
Lifecycle
19 Jun 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://dvsorder.orghttps://freedom-to-tinker.com/2023/06/14/security-analysis-of-the-dominion-imagecast-x/https://www.eac.gov/sites/default/files/voting_system/files/D-Suite%205.17%20Certificate%20and%20Scope%20SIGNED.pdfhttps://www.eac.gov/voting-equipment/democracy-suite-517