9 matches found
CVE-2022-2313
CVE-2022-2313 is a DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7. An attacker can place a malicious DLL in the installer’s directory to achieve local code execution and privilege escalation. A fix is to update to version 5.7.7 or later; as a temporary workaround...
CVE-2022-1258
McAfee Agent (MA) ePolicy Orchestrator (ePO) extension vulnerable before 5.7.6 due to a blind SQL injection in the back-end database. An authenticated ePO administrator can perform arbitrary SQL queries, potentially enabling server command execution. Affected: MA/ePO extension prior to 5.7.6. Roo...
CVE-2022-1256
CVE-2022-1256 affects McAfee Agent (Windows) prior to version 5.7.6. The vulnerability is a local privilege escalation: a low-privileged user can gain SYSTEM by executing the repair functionality, which performs temporary file actions in the user’s %TEMP% directory with System privileges through ...
CVE-2021-31854
CVE-2021-31854 : McAfee Agent for Windows versions prior to 5.7.5 is affected by a command-injection vulnerability in the file cleanup.exe invoked via the Agent deployment feature in the System Tree. An attacker could place a malicious cleanup.exe in the relevant folder to achieve a reverse shell...
CVE-2022-1257
Summary of CVE-2022-1257 in McAfee Agent (Tre llix Agent) : The vulnerability affects MA for Linux, macOS, and Windows prior to version 5.7.6, where sensitive data could be exposed through the ma.db storage. The root cause is insecure storage of credentials in ma.db, with sensitive information mo...
CVE-2021-1257
CVE-2021-1257 affects Cisco DNA Center (web-based management interface) with CSRF in versions prior to 2.1.2.0. An unauthenticated, remote attacker can lure a logged-in user to a crafted link, causing actions on the device with the user’s privileges, including modifying configuration, disconnecti...
CVE-2022-0166
CVE-2022-0166 affects McAfee Agent prior to 5.7.5. The issue arises from using an OpenSSL OPENSSLDIR location as a subdirectory within the installation directory, allowing a low-privilege Windows user to place a crafted openssl.cnf in an accessible path and execute arbitrary code with SYSTEM priv...
CVE-2021-31847
The CVE-2021-31847 issue affects McAfee Agent for Windows prior to 5.7.4. It is an improper access control flaw in the repair process that could let a local attacker perform a DLL preloading attack using unsigned DLLs. This stems from not properly protecting a temporary directory used during repa...
CVE-2020-7343
CVE-2020-7343 describes a Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1. Local users can block McAfee product updates by manipulating a directory MA uses for temporary files, causing the product to continue operating with-out-of-date detection files. Public r...