Vulnerability Description
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dominionvoting | Democracy Suite | 5.2 |
Related Weaknesses (CWE)
References
- https://dvsorder.orgProduct
- https://freedom-to-tinker.com/2023/06/14/security-analysis-of-the-dominion-imageThird Party Advisory
- https://www.eac.gov/sites/default/files/voting_system/files/D-Suite%205.17%20CerProductUS Government Resource
- https://www.eac.gov/voting-equipment/democracy-suite-517ProductUS Government Resource
- https://dvsorder.orgProduct
- https://freedom-to-tinker.com/2023/06/14/security-analysis-of-the-dominion-imageThird Party Advisory
- https://www.eac.gov/sites/default/files/voting_system/files/D-Suite%205.17%20CerProductUS Government Resource
- https://www.eac.gov/voting-equipment/democracy-suite-517ProductUS Government Resource
FAQ
What is CVE-2022-48506?
CVE-2022-48506 is a vulnerability with a CVSS score of 2.4 (LOW). A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were ca...
How severe is CVE-2022-48506?
CVE-2022-48506 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48506?
Check the references section above for vendor advisories and patch information. Affected products include: Dominionvoting Democracy Suite.