CVE-2018-6704
4.7
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Summary
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| McAfee | McAfee Agent (MA) for Linux | 5.5.0 | affected |
| McAfee | McAfee Agent (MA) for Linux | 5.5.1 | affected |
| McAfee | McAfee Agent (MA) for Linux | 5.0.0 < 5.0.0* | affected |
| McAfee | McAfee Agent (MA) for Linux | 5.0.6 <= 5.0.6 | affected |
Weaknesses
- CWE-377: Insecure Temporary File (CWE-377)
Workarounds
If you cannot upgrade to McAfee Agent 5.6.0, do not run specific user requested commands related to McAfee products and only run commands mentioned in product or installation guides.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.