SB2022060627 - Multiple vulnerabilities in Dominion Voting Systems ImageCast X

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-1739)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the affected application does not validate application signatures to a trusted root certificate. An authenticated attacker with physical access can install malicious code.

2) Mutable Attestation or Measurement Reporting Data (CVE-ID: CVE-2022-1740)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An authenticated attacker with physical access can disguise malicious applications on a device.

3) Hidden functionality (CVE-ID: CVE-2022-1741)

The vulnerability allows a local user to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software within the Terminal Emulator application. An authenticated attacker with physical access can use this functionality to gain elevated privileges on the device and install malicious code.

4) Input validation error (CVE-ID: CVE-2022-1742)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the affected application allows for rebooting into Android Safe Mode. An authenticated attacker with physical access can directly access the operating system, escalate privileges on a device and install malicious code.

5) Path traversal (CVE-ID: CVE-2022-1743)

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. An authenticated attacker with physical access can send a specially crafted election definition file and execute arbitrary code on the system.

6) Execution with unnecessary privileges (CVE-ID: CVE-2022-1744)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application binary has a setuid bit. An authenticated attacker with physical access can run the affected binary and execute arbitrary code on the system with root privileges.

7) Authentication Bypass by Spoofing (CVE-ID: CVE-2022-1745)

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to the authentication mechanism susceptible to forgery. An authenticated attacker with physical access can gain administrative privileges on a device and install malicious code.

8) Incorrect Privilege Assignment (CVE-ID: CVE-2022-1746)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the authentication mechanism used by poll workers to administer voting can expose cryptographic secrets used to protect election information. An authenticated attacker with physical access can gain access to sensitive information and perform privileged actions.

9) Origin validation error (CVE-ID: CVE-2022-1747)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the authentication mechanism used by voters to activate a voting session is susceptible to forgery. An authenticated attacker with physical access can print an arbitrary number of ballots without authorization.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://ics-cert.us-cert.gov/advisories/icsa-22-154-01