CVE-2018-6707 - OpenCVE

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mcafee	Agent

Configuration 1 [-]

OR	cpe:2.3:a:mcafee:agent::::::::
	cpe:2.3:a:mcafee:agent:5.5.0:::::::*
	cpe:2.3:a:mcafee:agent:5.5.1:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/106307
https://kc.mcafee.com/corporate/index?page=content&id=SB10260

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trellix

Published: 2018-12-13T23:00:00

Updated: 2018-12-26T10:57:02

Reserved: 2018-02-06T00:00:00

Link: CVE-2018-6707

JSON object: View

NVD Information

Status : Modified

Published: 2018-12-14T00:29:01.780

Modified: 2023-11-07T03:00:30.430

Link: CVE-2018-6707

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"containers": {"cna": {"affected": [{"platforms": ["x86"], "product": "McAfee Agent (MA) non-Windows non-Windows versions ", "vendor": "McAfee", "versions": [{"status": "affected", "version": "5.5.0"}, {"status": "affected", "version": "5.5.1"}, {"lessThan": "5.0.0*", "status": "affected", "version": "5.0.0", "versionType": "custom"}, {"lessThanOrEqual": "5.0.6", "status": "affected", "version": "5.0.6", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "McAfee credits Brandon Vincent for discovery of this vulnerability."}], "datePublic": "2018-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-26T10:57:02", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"name": "106307", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106307"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10260"}], "solutions": [{"lang": "en", "value": "upgrade to McAfee Agent 5.6.0"}], "source": {"advisory": "SB10260", "discovery": "EXTERNAL"}, "title": "McAfee Agent Insecure usage of temporary files vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2018-6707", "STATE": "PUBLIC", "TITLE": "McAfee Agent Insecure usage of temporary files vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Agent (MA) non-Windows non-Windows versions ", "version": {"version_data": [{"affected": ">=", "platform": "x86", "version_affected": ">=", "version_name": "5.0.0", "version_value": "5.0.0"}, {"affected": "<=", "platform": "x86", "version_affected": "<=", "version_name": "5.0.6", "version_value": "5.0.6"}, {"affected": "=", "platform": "x86", "version_affected": "=", "version_name": "5.5.0", "version_value": "5.5.0"}, {"affected": "=", "platform": "x86", "version_affected": "=", "version_name": "5.5.1", "version_value": "5.5.1"}]}}]}, "vendor_name": "McAfee"}]}}, "credit": [{"lang": "eng", "value": "McAfee credits Brandon Vincent for discovery of this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "106307", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106307"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10260", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10260"}]}, "solution": [{"lang": "en", "value": "upgrade to McAfee Agent 5.6.0"}], "source": {"advisory": "SB10260", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2018-6707", "datePublished": "2018-12-13T23:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2018-12-26T10:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C64E5EC-8233-436C-8C4A-81EC34B3D15E", "versionEndIncluding": "5.0.6", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:agent:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "29BD74B8-8FF2-4C74-9B9B-DB5C404E5915", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:agent:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A7A7F4E-8425-4518-874A-4D9B0BF6B032", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism."}, {"lang": "es", "value": "Vulnerabilidad de denegaci\u00f3n de servicio (DoS) mediante consumo de recursos en el agente en plataformas no Windows de McAfee Agent (MA), desde la versi\u00f3n 5.0.0 a la 5.0.6, 5.5.0 y 5.5.1, permite que usuarios locales provoquen una denegaci\u00f3n de servicio (DoS), un comportamiento inesperado o una ejecuci\u00f3n de c\u00f3digo no autorizada mediante el conocimiento del mecanismo interno de confianza."}], "id": "CVE-2018-6707", "lastModified": "2023-11-07T03:00:30.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 0.6, "impactScore": 2.7, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2018-12-14T00:29:01.780", "references": [{"source": "trellixpsirt@trellix.com", "url": "http://www.securityfocus.com/bid/106307"}, {"source": "trellixpsirt@trellix.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10260"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}