Lucene search
K

9 matches found

CVE
CVE
added 2022/07/27 9:25 a.m.157 views

CVE-2022-2313

CVE-2022-2313 is a DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7. An attacker can place a malicious DLL in the installer’s directory to achieve local code execution and privilege escalation. A fix is to update to version 5.7.7 or later; as a temporary workaround...

8.2CVSS7.6AI score0.00329EPSS
CVE
CVE
added 2022/04/14 1:50 p.m.118 views

CVE-2022-1258

McAfee Agent (MA) ePolicy Orchestrator (ePO) extension vulnerable before 5.7.6 due to a blind SQL injection in the back-end database. An authenticated ePO administrator can perform arbitrary SQL queries, potentially enabling server command execution. Affected: MA/ePO extension prior to 5.7.6. Roo...

8.4CVSS7.6AI score0.00936EPSS
CVE
CVE
added 2022/04/14 1:45 p.m.106 views

CVE-2022-1256

CVE-2022-1256 affects McAfee Agent (Windows) prior to version 5.7.6. The vulnerability is a local privilege escalation: a low-privileged user can gain SYSTEM by executing the repair functionality, which performs temporary file actions in the user’s %TEMP% directory with System privileges through ...

7.8CVSS8.1AI score0.0025EPSS
CVE
CVE
added 2022/01/19 11:0 a.m.103 views

CVE-2021-31854

CVE-2021-31854 : McAfee Agent for Windows versions prior to 5.7.5 is affected by a command-injection vulnerability in the file cleanup.exe invoked via the Agent deployment feature in the System Tree. An attacker could place a malicious cleanup.exe in the relevant folder to achieve a reverse shell...

9.3CVSS7.7AI score0.01016EPSS
CVE
CVE
added 2022/04/14 1:50 p.m.103 views

CVE-2022-1257

Summary of CVE-2022-1257 in McAfee Agent (Tre llix Agent) : The vulnerability affects MA for Linux, macOS, and Windows prior to version 5.7.6, where sensitive data could be exposed through the ma.db storage. The root cause is insecure storage of credentials in ma.db, with sensitive information mo...

6.1CVSS6AI score0.00622EPSS
Web
CVE
CVE
added 2021/01/20 7:57 p.m.97 views

CVE-2021-1257

CVE-2021-1257 affects Cisco DNA Center (web-based management interface) with CSRF in versions prior to 2.1.2.0. An unauthenticated, remote attacker can lure a logged-in user to a crafted link, causing actions on the device with the user’s privileges, including modifying configuration, disconnecti...

8.8CVSS8.1AI score0.00836EPSS
CVE
CVE
added 2022/01/19 11:5 a.m.89 views

CVE-2022-0166

CVE-2022-0166 affects McAfee Agent prior to 5.7.5. The issue arises from using an OpenSSL OPENSSLDIR location as a subdirectory within the installation directory, allowing a low-privilege Windows user to place a crafted openssl.cnf in an accessible path and execute arbitrary code with SYSTEM priv...

7.8CVSS7.8AI score0.02969EPSS
CVE
CVE
added 2021/09/22 1:25 p.m.81 views

CVE-2021-31847

The CVE-2021-31847 issue affects McAfee Agent for Windows prior to 5.7.4. It is an improper access control flaw in the repair process that could let a local attacker perform a DLL preloading attack using unsigned DLLs. This stems from not properly protecting a temporary directory used during repa...

8.2CVSS8AI score0.00386EPSS
CVE
CVE
added 2021/01/18 12:15 p.m.79 views

CVE-2020-7343

CVE-2020-7343 describes a Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1. Local users can block McAfee product updates by manipulating a directory MA uses for temporary files, causing the product to continue operating with-out-of-date detection files. Public r...

5.5CVSS5.3AI score0.00354EPSS