Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-6693

Опубликовано: 18 сент. 2018
Источник: nvd
CVSS3: 5.6
CVSS3: 5.3
CVSS2: 3.3
EPSS Низкий

Описание

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:*:*:*:*:*:*:*:*
Версия до 10.2.3 (включая)
cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:endpoint_security_linux_threat_prevention:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 9%
0.00031
Низкий

5.6 Medium

CVSS3

5.3 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-274
CWE-367

Связанные уязвимости

github логотип

GHSA-7w8h-h4pj-jgjq

CVSS3: 4.7
github
больше 3 лет назад

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

EPSS

Процентиль: 9%
0.00031
Низкий

5.6 Medium

CVSS3

5.3 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-274
CWE-367