Privilege escalation vulnerability in McAfee Agent
CVE-2022-0166

7.8HIGH

Key Information:

Vendor: McAfee,LLC
Status: McAfee Agent for Windows
Vendor: CVE Published:; 19 January 2022

Summary

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

Affected Version(s)

McAfee Agent for Windows Windows < 5.7.5

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

https://www.kb.cert.org/vuls/id/287178

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Jan 10, 2022