CVE-2022-0166

Summary

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

Affected Software

VendorProductVersion RangeStatus
McAfee,LLCMcAfee Agent for Windowsunspecified < 5.7.5affected

Weaknesses

  • CWE- 269: Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

References