CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23892
https://notcve.org/view.php?id=CVE-2021-23892
12 May 2021 — By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations. Al explotar una condición de carrera de tiempo de verificación a tiempo de uso (TOCTOU) durante el proceso de instalación de Endpoint Security... • https://kc.mcafee.com/corporate/index?page=content&id=SB10355 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-6693 – Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2018-6693
18 Sep 2018 — An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files. Un usuario sin privilegios puede eliminar archivos arbitrarios en un sistema Linux que ejecuta ENSLTP 10.5.1, 10.5.0 y 10.2.3 Hotfix 1246778 y anteriores. Mediante la explotación ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10248 • CWE-274: Improper Handling of Insufficient Privileges CWE-363: Race Condition Enabling Link Following CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •