CVE-2018-6706

HIGH

McAfee Agent <5.0.7 - Info Disclosure

Title source: llm

Description

Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106328

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10260

Scores

CVSS v3 7.5

EPSS 0.0016

EPSS Percentile 37.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-377

Status published

Products (3)

mcafee/agent 5.5.0

mcafee/agent 5.5.1

mcafee/agent 5.0.0 - 5.0.6

Published Dec 12, 2018

Tracked Since Feb 18, 2026