1. Home
  2. CVE Database
  3. CVE-2018-6693
MEDIUM · 5.3

CVE-2018-6693

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condi...

Vulnerability Description

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
LOW

Affected Products

VendorProductVersions
McafeeEndpoint Security For Linux Threat Prevention<= 10.2.3
McafeeEndpoint Security Linux Threat Prevention10.5.0
LinuxLinux Kernel-

Related Weaknesses (CWE)

CWE-274CWE-367CWE-363

References

FAQ

What is CVE-2018-6693?

CVE-2018-6693 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condi...

How severe is CVE-2018-6693?

CVE-2018-6693 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-6693?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Endpoint Security For Linux Threat Prevention, Mcafee Endpoint Security Linux Threat Prevention, Linux Linux Kernel.