CVE-2018-6706

Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
trellixCNA
2.3 LOW
LOCAL
HIGH
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
mcafeeagent
5.0.0 ≤
𝑥
≤ 5.0.6
mcafeeagent
5.5.0
mcafeeagent
5.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106328
https://kc.mcafee.com/corporate/index?page=content&id=SB10260
http://www.securityfocus.com/bid/106328
https://kc.mcafee.com/corporate/index?page=content&id=SB10260