CVE-2018-6693 Vulnerability Details


CVE-2018-6693 Metadata Quick Info

CVE Published: 18/09/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: trellix | Vendor: McAfee | Product: Endpoint Security for Linux Threat Prevention (ENSLTP)
Status: PUBLISHED

CVE-2018-6693 Description

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-363
CWE Name: Race Condition Enabling Link Following (CWE-363)
Source: McAfee

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).