Vulnerability Details : CVE-2018-10769
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).
Products affected by CVE-2018-10769
- cpe:2.3:a:smartmesh_project:smartmesh:-:*:*:*:*:*:*:*
- cpe:2.3:a:ugtoken_project:ugtoken:-:*:*:*:*:*:*:*
- cpe:2.3:a:gg_token_project:gg_token:-:*:*:*:*:*:*:*
- cpe:2.3:a:first_project:first:-:*:*:*:*:*:*:*
- cpe:2.3:a:mtc_project:mtc:-:*:*:*:*:*:*:*
- cpe:2.3:a:mesh_project:mesh:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-10769
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-10769
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2018-10769
-
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E
Build failed in Jenkins: Struts-master-JDK8-dependency-check #204 - Pony Mail
-
https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md
defcon26/Replay Attacks on Ethereum Smart Contracts.md at master · nkbai/defcon26 · GitHubExploit;Third Party Advisory
Jump to