CVE-2018-6704

Summary

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

Affected Software

VendorProductVersion RangeStatus
McAfeeMcAfee Agent (MA) for Linux5.5.0affected
McAfeeMcAfee Agent (MA) for Linux5.5.1affected
McAfeeMcAfee Agent (MA) for Linux5.0.0 < 5.0.0*affected
McAfeeMcAfee Agent (MA) for Linux5.0.6 <= 5.0.6affected

Weaknesses

  • CWE-377: Insecure Temporary File (CWE-377)

Workarounds

If you cannot upgrade to McAfee Agent 5.6.0, do not run specific user requested commands related to McAfee products and only run commands mentioned in product or installation guides.

ADP Enrichment

CVE Program Container

Additional References

References