Vulnerabilities > CVE-2018-6705 - Unspecified vulnerability in Mcafee Agent

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
mcafee
nessus

Summary

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

Nessus

NASL familyMisc.
NASL idMCAFEE_EPO_AGENT_SB10260.NASL
descriptionThe version of McAfee Agent, formerly McAfee ePolicy Orchestrator (ePO) Agent, installed on the remote host is 5.0.x, 5.5.0, or 5.5.1. It is, therefore, affected by multiple vulnerabilities. These include an arbitrary command execution and potentially a remote code execution vulnerability. A local attacker could use these vulnerabilities to potentially gain unauthorized access to the remote system.
last seen2020-03-21
modified2019-06-07
plugin id125779
published2019-06-07
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/125779
titleMcAfee Agent 5.0.x / 5.5.0 / 5.5.1 Multiple Vulnerabilities (SB10260)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125779);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/22");

  script_cve_id("CVE-2018-6705", "CVE-2018-6706", "CVE-2018-6707");
  script_bugtraq_id(106307, 106328);

  script_name(english:"McAfee Agent 5.0.x / 5.5.0 / 5.5.1 Multiple Vulnerabilities (SB10260)");
  script_summary(english:"Checks the McAfee Agent version.");

  script_set_attribute(attribute:"synopsis", value:
"A security management agent installed on the remote host is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of McAfee Agent, formerly McAfee ePolicy Orchestrator
(ePO) Agent, installed on the remote host is 5.0.x, 5.5.0, or 5.5.1.
It is, therefore, affected by multiple vulnerabilities. These include
an arbitrary command execution and potentially a remote code execution
vulnerability. A local attacker could use these vulnerabilities to
potentially gain unauthorized access to the remote system.");
  script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10260");
  script_set_attribute(attribute:"solution", value:
"Upgrade to McAfee Agent version 5.6.0, or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6706");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/07");

  
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:epolicy_orchestrator_agent");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mcafee_epo_agent_installed_nix.nbin");
  script_exclude_keys("SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

# Non-Windows only
if (get_kb_item('SMB/Registry/Enumerated')) audit(AUDIT_OS_NOT, 'affected');

app_info = vcf::get_app_info(app:'McAfee ePO Agent');

vcf::check_granularity(app_info:app_info, sig_segments:3);

# Exact Build Numbers if needed:
#   https://kc.mcafee.com/corporate/index?page=content&id=KB51573
constraints = [
  { 'min_version' : '5.0', 'max_version' : '5.1', 'fixed_version' : '5.6.0'},
  { 'min_version' : '5.5.0', 'max_version' : '5.5.0.482', 'fixed_version' : '5.6.0'},
  { 'min_version' : '5.5.1', 'max_version' : '5.5.1.462', 'fixed_version' : '5.6.0'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);