CVE-2018-6756

HIGH

McAfee True Key <5.1.230.7 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6756. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup details multiple privilege escalation vulnerabilities in McAfee True Key Service, focusing on insecure certificate validation and TOCTOU issues in the SecureExecute command. It includes a technical breakdown of the flaws and a proof-of-concept exploit.

Description

Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/45961

View Code ZIP pw:eip

The writeup details multiple privilege escalation vulnerabilities in McAfee True Key Service, focusing on insecure certificate validation and TOCTOU issues in the SecureExecute command. It includes a technical breakdown of the flaws and a proof-of-concept exploit.

Classification

Writeup 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: McAfee True Key Service 5.1.173.1

No auth needed

Prerequisites: Access to the target system · Ability to execute arbitrary code as a low-privileged user

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45961/

Various Sources x_refsource_confirm

http://service.mcafee.com/FAQDocument.aspx?&id=TS102872

Scores

CVSS v3 7.8

EPSS 0.0103

EPSS Percentile 59.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

Status published

Products (1)

mcafee/true_key < 5.1.230.7

Published Dec 06, 2018

Tracked Since Feb 18, 2026