PT-2022-1409 · Mcafee · Mcafee Agent
Will Dormann
·
Published
2022-01-18
·
Updated
2023-08-08
·
CVE-2022-0166
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
McAfee Agent versions prior to 5.7.5
Description
A privilege escalation issue exists due to errors in privilege management. The McAfee Agent uses an openssl.cnf file during its build process, which can be exploited by a low-privilege user to execute arbitrary code with SYSTEM privileges. This can be achieved by creating a malicious openssl.cnf file and establishing the appropriate pathway to it.
Recommendations
For McAfee Agent versions prior to 5.7.5, update to version 5.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the openssl.cnf file to prevent low-privilege users from creating malicious pathways.
Fix
Improper Privilege Management
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mcafee Agent