Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
Mcafee McAfee Security 后置链接漏洞
Vulnerability Description
McAfee Endpoint Security(ENS)是美国迈克菲(McAfee)公司的一套提供智能协作和先进的威胁防御的框架。该框架支持对实时通信的整个威胁防御生命周期进行控制并进行可操作的威胁取证等。 McAfee Endpoint Security 存在后置链接漏洞。通过在Linux ENSL TP/FW安装过程中利用对使用时间的检查竞争条件,本地用户可以执行特权提升攻击,以获取管理员特权。
CVSS Information
N/A
Vulnerability Type
N/A