Main Vulnerability Database Vulnerabilities #VU36296

Input validation error in agent - CVE-2018-6705

Published: December 12, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36296

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6705

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Ilya Grigorik

Affected software:
agent

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

How to mitigate CVE-2018-6705

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/106328
https://kc.mcafee.com/corporate/index?page=content&id=SB10260

Input validation error in agent - CVE-2018-6705

Detailed vulnerability description

How to mitigate CVE-2018-6705

Sources

Please verify you're human