A vulnerability classified as problematic was found in ENSLTP up to 10.2.3 HF 1246778/10.5.0/10.5.1 on Linux. This vulnerability affects some unknown processing. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

The bug was discovered 09/11/2018. The weakness was presented 09/18/2018 (Website). The advisory is shared for download at kc.mcafee.com. This vulnerability was named CVE-2018-6693 since 02/05/2018. The attack needs to be approached locally. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.

The vulnerability was handled as a non-public zero-day exploit for at least 7 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Name

• ENSLTP

Version

• 10.0
• 10.1
• 10.2
• 10.2.3 HF 1246778
• 10.3
• 10.4
• 10.5
• 10.5.0
• 10.5.1

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion