CVE-2018-10769

Published Aug 10, 2018

Last updated a year ago

CVSS high 7.5

Overview

Description: The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:smartmesh_project:smartmesh:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6986ACD-1B81-42DE-956A-83E83D025521"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ugtoken_project:ugtoken:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B339C7C0-B6B9-4DCA-AD78-7BC8B6463F22"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gg_token_project:gg_token:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E53223-A11C-456D-BA04-8E438B5FC593"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:first_project:first:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54D67528-5A85-4EB0-8938-0756BEC62D5E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mtc_project:mtc:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5780CA95-8F7D-48F6-B3E4-AE508AAA8563"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mesh_project:mesh:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "111835EF-6FB4-454E-A84C-6A32C3FB97F5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References