8 matches found
CVE-2022-0166
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary cod...
McAfee Agent < 5.7.5 Multiple Vulnerabilities (SB10378)
The version of McAfee Agent, formerly McAfee ePolicy Orchestrator ePO Agent, installed on the remote host is prior to 5.7.5. It is, therefore, affected by the following vulnerabilities: - A command Injection Vulnerability in McAfee Agent MA for Windows prior to 5.7.5 allows local users to inject...
McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM. According to McAfee’s bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint...
McAfee Releases Security Update for McAfee Agent for Windows
McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review McAfee Security Bulletin SB10378...
McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description CVE-2022-0166 McAfee Agent, which comes with various McAfee products such as McAfee...
CVE-2022-0166
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary cod...
CVE-2022-0166
CVE-2022-0166 affects McAfee Agent prior to 5.7.5. The issue arises from using an OpenSSL OPENSSLDIR location as a subdirectory within the installation directory, allowing a low-privilege Windows user to place a crafted openssl.cnf in an accessible path and execute arbitrary code with SYSTEM priv...
CVE-2022-0166 Privilege escalation vulnerability in McAfee Agent
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary cod...