Lucene search

TrellixCVE-2018-6693

HistorySep 18, 2018 - 10:00 p.m.

CVE-2018-6693

2018-09-1822:00:00

CWE-367

CWE-274

CWE-363

trellix

web.nvd.nist.gov

cve-2018-6693

ensltp

linux

toctou

privilege escalation

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

AI Score

5.6

Confidence

High

EPSS

Percentile

12.6%

JSON

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

Affected configurations

Nvd

Node

mcafeeendpoint_security_for_linux_threat_preventionRange≤10.2.3

mcafeeendpoint_security_for_linux_threat_preventionMatch10.5.1

mcafeeendpoint_security_linux_threat_preventionMatch10.5.0

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
mcafeeendpoint_security_for_linux_threat_prevention*cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:*:*:*:*:*:*:*:*
mcafeeendpoint_security_for_linux_threat_prevention10.5.1cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.5.1:*:*:*:*:*:*:*
mcafeeendpoint_security_linux_threat_prevention10.5.0cpe:2.3:a:mcafee:endpoint_security_linux_threat_prevention:10.5.0:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mcafee	endpoint_security_for_linux_threat_prevention	*	cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention::::::::
mcafee	endpoint_security_for_linux_threat_prevention	10.5.1	cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.5.1:::::::*
mcafee	endpoint_security_linux_threat_prevention	10.5.0	cpe:2.3:a:mcafee:endpoint_security_linux_threat_prevention:10.5.0:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*

CNA Affected

[
  {
    "platforms": [
      "x86"
    ],
    "product": " Endpoint Security for Linux Threat Prevention (ENSLTP)",
    "vendor": "McAfee",
    "versions": [
      {
        "status": "affected",
        "version": "10.5.0"
      },
      {
        "status": "affected",
        "version": "10.5.1 10.5.0"
      },
      {
        "lessThanOrEqual": "10.2.3 Hotfix 1246778",
        "status": "affected",
        "version": "10.2.3 Hotfix 1246778",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10248

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

AI Score

5.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2018-6693