PT-2018-17717 · Mcafee · Ensltp

Published: 2018-09-18 · Updated: 2023-01-27 · CVE-2018-6693

CVSS v3.1: 5.6 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

ENSLTP versions 10.2.3 Hotfix 1246778 and earlier
ENSLTP versions 10.5.0 through 10.5.1

Description

An unprivileged user can delete arbitrary files on a Linux system by exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, allowing for privilege escalation.

Recommendations

For ENSLTP versions 10.2.3 Hotfix 1246778 and earlier, consider restricting file access permissions to prevent arbitrary file deletion until a patch is available. For ENSLTP versions 10.5.0 through 10.5.1, consider implementing additional access controls to mitigate the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Time Of Check To Time Of Use

Related Identifiers

CVE-2018-6693

Affected Products

Ensltp