Drew Springall

**Name of the Vulnerable Software and Affected Versions** Democracy Suite versions 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15 **Description** A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. **Recommendations** For versions 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15, consider updating to a version that includes an improved pseudo random number algorithm, such as version 5.17 or later, as mentioned in the Democracy Suite 5.17 EAC Certificate of Conformance. At the moment, there is no other information about a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting Systems ImageCast X (affected versions not specified) **Description** The authentication mechanism used by voters to activate a voting session is susceptible to forgery. An attacker could leverage this issue to print an arbitrary number of ballots without authorization. The vulnerability is related to a lack in the source data confirmation mechanism, which can be exploited to obtain ballots without proper authorization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting System ImageCast X (affected versions not specified) **Description** The issue is related to the manipulation of Dominion Voting System ImageCast X devices through specially crafted election definition files, allowing for arbitrary code execution. An attacker could leverage this to spread malicious code to ImageCast X devices from the EMS. The vulnerability is also associated with insufficient path checking for a directory with restricted access, which can be exploited to execute arbitrary code using a specially crafted ballot file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting Systems ImageCast X (affected versions not specified) **Description** The issue is related to errors in access control, allowing an attacker to execute arbitrary code with elevated privileges by exploiting a system-level service. This could enable the attacker to escalate privileges on a device and/or install malicious code. The vulnerability can be exploited by leveraging a specially crafted binary file with the setuid flag. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting Systems ImageCast X (affected versions not specified) **Description** The issue is related to inadequate protection of an alternative path in the ImageCast X device software, allowing an attacker to reboot the device into Android Safe Mode. This enables direct access to the operating system, potentially permitting an attacker to escalate privileges on the device and/or install malicious code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting Systems ImageCast X (affected versions not specified) **Description** The issue is related to the authentication mechanism used by administrators of the ImageCast X device, which is associated with errors in privilege assignment. This could allow an attacker to elevate their privileges. The vulnerability may expose cryptographic secrets used to protect election information, potentially giving an attacker access to sensitive information and allowing them to perform privileged actions, which could affect other election equipment. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting Systems ImageCast X (affected versions not specified) **Description** The authentication mechanism used by technicians on the Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting Systems ImageCast X (affected versions not specified) **Description** The issue is related to the Terminal Emulator application in the Dominion Voting Systems ImageCast X, which could be exploited by an attacker to gain elevated privileges on a device and/or install malicious code. The vulnerability is also associated with the presence of undocumented commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting Systems ImageCast X (affected versions not specified) **Description** The issue is related to the incorrect validation of cryptographic signatures in the terminal emulator software of the ImageCast X ballot marking device. This could allow an attacker to execute arbitrary code. The problem arises because the tested version of the device does not validate application signatures to a trusted root certificate, which is crucial for ensuring that software installed on the device can be traced back to or verified against a cryptographic key provided by the manufacturer. This lack of validation could enable an attacker to install malicious code, potentially spreading it to other vulnerable ImageCast X devices via removable media. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dominion Voting Systems ImageCast X (affected versions not specified) **Description** The issue concerns the on-screen application hash display feature, audit log export, and application export functionality of Dominion Voting Systems ImageCast X, which rely on self-attestation mechanisms. This could allow an attacker to disguise malicious applications on a device, potentially leading to unauthorized access to protected information. The vulnerability is related to the modification of attestation data or measurement reports. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TitanHQ WebTitan Gateway (affected versions not specified) Description: The issue concerns incorrect certificate validation for the TLS interception feature. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 63.0.3239.84 Google Chrome versions prior to 64.0.3282.119 **Description** The issue is related to incorrect handling of back navigations in error pages in browser navigation, allowing a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. This can be achieved by using a specially formed HTML page. **Recommendations** For Google Chrome versions prior to 63.0.3239.84, update to version 63.0.3239.84 or later. For Google Chrome versions prior to 64.0.3282.119, update to version 64.0.3282.119 or later.