vulnerability

McAfee Agent: CVE-2022-0166: Mcafee agent update fixes two vulnerabilities (SB10378)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Jan 19, 2022	Mar 7, 2022	Mar 7, 2022

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Jan 19, 2022

Added

Mar 7, 2022

Modified

Mar 7, 2022

Description

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

Solution

mcafee-agent-upgrade-5-7-5

References

CERT-VN-287178
CVE-2022-0166
https://attackerkb.com/topics/CVE-2022-0166
MCAFEE-SB10378

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today