Main Vulnerability Database Vulnerabilities #VU36297

Input validation error in agent - CVE-2018-6704

Published: December 12, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36297

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6704

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Ilya Grigorik

Affected software:
agent

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

How to mitigate CVE-2018-6704

Install update from vendor's website.

Sources

https://kc.mcafee.com/corporate/index?page=content&id=SB10259

Input validation error in agent - CVE-2018-6704

Detailed vulnerability description

How to mitigate CVE-2018-6704

Sources

Please verify you're human