CVE-2018-11329

{"id": "CVE-2018-11329", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-05-22T05:29:00.203", "references": [{"url": "https://peckshield.com/2018/05/21/ceoAnyone/", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://peckshield.com/2018/05/21/ceoAnyone/", "tags": ["Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018."}, {"lang": "es", "value": "La funci\u00f3n DrugDealer de la implementaci\u00f3n de un contrato inteligente de Ether Cartel, un juego de Ethereum, permite que los atacantes tomen posesi\u00f3n del contrato. Esto tambi\u00e9n se conoce como ceoAnyone. Tras esto, todos los activos digitales (incluyendo el balance Ether y los tokens) podr\u00edan ser manipulados por los atacantes, tal y como se explot\u00f3 \"in the wild\" en mayo del 2018."}], "lastModified": "2024-11-21T03:43:09.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ethercartel:ether_cartel:2018-05-18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "251F10D4-1131-43C1-8E62-E8B4D5AA5DB0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}