McAfee Agent (MA) non-Windows versions incorrect use of temporary file vulnerability
CVE-2018-6706

2.3LOW

Key Information:

Vendor: Mcafee
Status: Mcafee Agent (ma) For Linux
Vendor: CVE Published:; 12 December 2018

Summary

Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.

Affected Version(s)

McAfee Agent (MA) for Linux x86 5.5.0

McAfee Agent (MA) for Linux x86 5.5.1

McAfee Agent (MA) for Linux x86 5.0.0 < 5.0.0*

References

http://www.securityfocus.com/bid/106328

vdb-entryx_refsource_BID

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 12, 2018
Vulnerability Reserved
Feb 6, 2018

Credit

McAfee credits Brandon Vincent for discovery of this vulnerability