McAfee Agent (MA) non-Windows versions incorrect use of temporary file vulnerability

CVE-2018-6706

2.3LOW

Key Information

Vendor: Mcafee
Status: Mcafee Agent (ma) For Linux
Vendor: CVE Published:; 12 December 2018

Summary

Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.

Affected Version(s)

McAfee Agent (MA) for Linux = 5.5.0

McAfee Agent (MA) for Linux = 5.5.1

McAfee Agent (MA) for Linux < 5.0.0*

References

http://www.securityfocus.com/bid/106328

vdb-entryx_refsource_BID

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 12, 2018
Vulnerability Reserved
Feb 6, 2018

Collectors

NVD DatabaseMitre Database

Credit

McAfee credits Brandon Vincent for discovery of this vulnerability