A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
References
Configurations
History
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.kb.cert.org/vuls/id/287178 - | |
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10378 - |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-427 |
25 Jan 2022, 20:12
Type | Values Removed | Values Added |
---|---|---|
References | (CERT-VN) https://www.kb.cert.org/vuls/id/287178 - Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10378 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CPE | cpe:2.3:a:mcafee:agent:*:*:*:*:*:windows:*:* | |
First Time |
Mcafee agent
Mcafee |
|
CWE | CWE-269 |
21 Jan 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-19 11:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-0166
Mitre link : CVE-2022-0166
CVE.ORG link : CVE-2022-0166
JSON object : View
Products Affected
mcafee
- agent
CWE
CWE-427
Uncontrolled Search Path Element