CVE-2022-1744 - Vulnerability Details - OpenCVE

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Dominionvoting	Democracy Suite Imagecast X

Configuration 1 [-]

AND

cpe:2.3:o:dominionvoting:imagecast_x:*:*:*:*:*:*:*:*

cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.30:::::::*
	cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.32:::::::*

cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01

History

Thu, 17 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-06-24T15:00:23.804Z

Updated: 2025-04-17T18:47:17.814Z

Reserved: 2022-05-16T00:00:00.000Z

Link: CVE-2022-1744

Vulnrichment

Updated: 2024-08-03T00:16:59.878Z

NVD

Status : Modified

Published: 2022-06-24T15:15:09.937

Modified: 2025-04-17T19:15:52.567

Link: CVE-2022-1744

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ImageCast X application", "vendor": "Dominion Voting System", "versions": [{"status": "affected", "version": "Version 5.5-A Versions 5.5.10.30 and 5.5.10.32"}]}, {"product": "ImageCast X firmware", "vendor": "Dominion Voting System", "versions": [{"status": "affected", "version": "Version 5.5-A"}]}], "datePublic": "2022-06-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T15:00:23.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"}], "source": {"discovery": "UNKNOWN"}, "title": "2.2.6 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250", "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "20220603T06:00:00.000000Z", "ID": "CVE-2022-1744", "STATE": "PUBLIC", "TITLE": "2.2.6 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ImageCast X application", "version": {"version_data": [{"platform": "", "version_affected": "=", "version_name": "Version 5.5-A", "version_value": "Versions 5.5.10.30 and 5.5.10.32"}]}}]}, "vendor_name": "Dominion Voting System"}, {"product": {"product_data": [{"product_name": "ImageCast X firmware", "version": {"version_data": [{"platform": "", "version_affected": "=", "version_name": "", "version_value": "Version 5.5-A"}]}}]}, "vendor_name": "Dominion Voting System"}]}}, "credit": [], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-250"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "UNKNOWN"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:16:59.878Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T17:45:48.589384Z", "id": "CVE-2022-1744", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T18:47:17.814Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1744", "datePublished": "2022-06-24T15:00:23.804Z", "dateReserved": "2022-05-16T00:00:00.000Z", "dateUpdated": "2025-04-17T18:47:17.814Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:16:59.878Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-1744", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-17T17:45:48.589384Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:45:39.247Z"}}], "cna": {"title": "2.2.6 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Dominion Voting System", "product": "ImageCast X application", "versions": [{"status": "affected", "version": "Version 5.5-A Versions 5.5.10.30 and 5.5.10.32"}]}, {"vendor": "Dominion Voting System", "product": "ImageCast X firmware", "versions": [{"status": "affected", "version": "Version 5.5-A"}]}], "datePublic": "2022-06-03T00:00:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-06-24T15:00:23.000Z"}, "x_legacyV4Record": {"credit": [], "source": {"defect": [], "advisory": "", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"platform": "", "version_name": "Version 5.5-A", "version_value": "Versions 5.5.10.30 and 5.5.10.32", "version_affected": "="}]}, "product_name": "ImageCast X application"}]}, "vendor_name": "Dominion Voting System"}, {"product": {"product_data": [{"version": {"version_data": [{"platform": "", "version_name": "", "version_value": "Version 5.5-A", "version_affected": "="}]}, "product_name": "ImageCast X firmware"}]}, "vendor_name": "Dominion Voting System"}]}}, "solution": [], "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-250"}]}]}, "work_around": [], "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-1744", "AKA": "", "STATE": "PUBLIC", "TITLE": "2.2.6 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250", "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "20220603T06:00:00.000000Z"}}}}, "cveMetadata": {"cveId": "CVE-2022-1744", "state": "PUBLISHED", "dateUpdated": "2025-04-17T18:47:17.814Z", "dateReserved": "2022-05-16T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-06-24T15:00:23.804Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dominionvoting:imagecast_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "36AF91D2-BA55-4090-8629-C962EF5C7D68", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*", "matchCriteriaId": "7EF6FA8A-7FEE-473C-BB74-D5DC7A9FE24A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.30:*:*:*:*:*:*:*", "matchCriteriaId": "8207CE21-4D63-492C-973C-E9045EAB1082", "vulnerable": true}, {"criteria": "cpe:2.3:a:dominionvoting:imagecast_x:5.5.10.32:*:*:*:*:*:*:*", "matchCriteriaId": "4D398E91-1F02-46E7-B87B-8FA0821F63BC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dominionvoting:democracy_suite:5.5-a:*:*:*:*:*:*:*", "matchCriteriaId": "7EF6FA8A-7FEE-473C-BB74-D5DC7A9FE24A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code."}, {"lang": "es", "value": "Las aplicaciones en la versi\u00f3n probada de Dominion Voting Systems ImageCast X pueden ejecutar c\u00f3digo con privilegios elevados explotando un servicio a nivel de sistema. Un atacante podr\u00eda aprovechar esta vulnerabilidad para escalar privilegios en un dispositivo y/o instalar c\u00f3digo malicioso"}], "id": "CVE-2022-1744", "lastModified": "2025-04-17T19:15:52.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-06-24T15:15:09.937", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}