- #IMAGECAST X ACCESSIBLE INSTALL#
- #IMAGECAST X ACCESSIBLE UPGRADE#
- #IMAGECAST X ACCESSIBLE VERIFICATION#
#IMAGECAST X ACCESSIBLE INSTALL#
An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.ĬVE-2022-1739 has been assigned to this vulnerability. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. The tested version of ImageCast X does not validate application signatures to a trusted root certificate.
#IMAGECAST X ACCESSIBLE VERIFICATION#
2.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347 NOTE: Mitigations to reduce the risk of exploitation of these vulnerabilities can be found in Section 3 of this document. Instructions to check for and mitigate this condition are available from Dominion Voting Systems.Īny jurisdictions running ImageCast X are encouraged to contact Dominion Voting Systems to understand the vulnerability status of their specific implementation.
#IMAGECAST X ACCESSIBLE UPGRADE#
NOTE: After following the vendor’s procedure to upgrade the ImageCast X from Version 5.5.10.30 to 5.5.10.32, or after performing other Android administrative actions, the ImageCast X may be left in a configuration that could allow an attacker who can attach an external input device to escalate privileges and/or install malicious code.ImageCast X application Versions 5.5.10.30 and 5.5.10.32, as used in Dominion Democracy Suite Voting System Version 5.5-A.ImageCast X firmware based on Android 5.1, as used in Dominion Democracy Suite Voting System Version 5.5-A.The following versions of the Dominion Voting Systems ImageCast X software are known to be affected (other versions were not able to be tested):
Many of these mitigations are already typically standard practice in jurisdictions where these devices are in use and can be enhanced to further guard against exploitation of these vulnerabilities. Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in this advisory, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems. While these vulnerabilities present risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in any elections.Įxploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices. The ImageCast X can be configured to allow a voter to produce a paper record or to record votes electronically. This advisory identifies vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot.
0 kommentar(er)
