CVE-2022-2313

2022-07-2710:15:08

CWE-427

[email protected]

web.nvd.nist.gov

115

cve-2022-2313

ma smart installer

windows

vulnerability

dll hijacking

nvd

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed.

Affected configurations

NVD

Node

mcafeeagentRange<5.7.7windows

CPENameOperatorVersion
mcafee:agentmcafee agentlt5.7.7

CPE	Name	Operator	Version
mcafee:agent	mcafee agent	lt	5.7.7

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Trellix Agent (TA)",
    "vendor": "Trellix",
    "versions": [
      {
        "lessThan": "5.7.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]