CVE-2022-0166

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
References
Link Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10378 Vendor Advisory
https://www.kb.cert.org/vuls/id/287178 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:a:mcafee:agent:*:*:*:*:*:windows:*:*

Information

Published : 2022-01-19 11:15

Updated : 2022-01-25 08:12


NVD link : CVE-2022-0166

Mitre link : CVE-2022-0166

Products Affected
CWE