CVE Vulnerability

CVE-2022-0166

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10378 Vendor Advisory
https://www.kb.cert.org/vuls/id/287178 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:a:mcafee:agent:*:*:*:*:*:windows:*:*
Information

Published : 2022-01-19 11:15

Updated : 2022-01-25 08:12

NVD link : CVE-2022-0166

Mitre link : CVE-2022-0166

Products Affected

Agent

Mcafee

CWE
CWE-269