CVE-2022-0166 HIGH

CVE-2022-0166: Privilege escalation vulnerability in McAfee Agent

Vendor McAfee, LLC
Product McAfee Agent for Windows
Published January 19, 2022
Last update August 2, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A privilege escalation vulnerability exists in McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low-privileged user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate path to a specially crafted malicious openssl.cnf file.

Key dates

02 Disclosure timeline

January 19, 2022 CVE published
August 2, 2024 Record updated