2.4
CVE-2022-48506
- EPSS 0.06%
- Veröffentlicht 19.06.2023 16:15:09
- Zuletzt bearbeitet 02.01.2025 21:15:08
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginA flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dominionvoting ≫ Democracy Suite Version5.2
Dominionvoting ≫ Democracy Suite Version5.4-nm
Dominionvoting ≫ Democracy Suite Version5.5
Dominionvoting ≫ Democracy Suite Version5.5-a
Dominionvoting ≫ Democracy Suite Version5.5-b
Dominionvoting ≫ Democracy Suite Version5.5-c
Dominionvoting ≫ Democracy Suite Version5.5-d
Dominionvoting ≫ Democracy Suite Version5.7-a
Dominionvoting ≫ Democracy Suite Version5.10
Dominionvoting ≫ Democracy Suite Version5.10a
Dominionvoting ≫ Democracy Suite Version5.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.196 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.4 | 0.9 | 1.4 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2.4 | 0.9 | 1.4 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.