An attacker could leverage this vulnerability to install Key provided by the manufacturer to detect tampering. Trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic The tested version of ImageCast X does not validate application signatures to a trusted root certificate.
NOTE: Mitigations to reduce the risk of exploitation of these vulnerabilities can be found in Section 3 of this document.Ģ.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347 Instructions to check for and mitigate this condition are available from Dominion Voting Systems CISA issued the following detailed list of vulnerabilities NOTE: After following the vendor’s procedure to upgrade the ImageCast X from Version 5.5.10.30 to 5.5.10.32, or after performing other Android administrative actions, the ImageCast X may be left in a configuration that could allow an attacker who can attach an external input device to escalate privileges and/or install malicious code. While these vulnerabilities present risks that should be mitigated as soon as possible,Įxploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices. The ImageCast X can be configured to allow a voter to produce a paper record or to record votes electronically. “This advisory identifies vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot.
0 kommentar(er)
