Vulnerability

VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

July 1, 2022

Overview

McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.

Description

CVE-2022-0166

McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows. McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

Impact

By placing a specially-crafted openssl.cnf in a location used by McAfee Agent, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable McAfee Agent software installed.

Solution

Apply an update

This vulnerability is addressed in McAfee Agent version 5.7.5.

Acknowledgements

This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Vendor Information

One or more vendors are listed for this advisory. Please reference the full report for more information.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10378

https://vuls.cert.org/confluence/display/Wiki/2021/06/21/Finding+Privilege+Escalation+Vulnerabilities+in+Windows+using+Process+Monitor

Other Information

CVE IDs:

CVE-2022-0166

Date Public:

2022-01-20
Date First Published:
2022-01-20
Date Last Updated:
2022-01-20 21:47 UTC
Document Revision:
1

About vulnerability notes
Contact us about this vulnerability
Provide a vendor statement
Related Posts
Clear Filters
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm
VULNERABILITIES
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm
Vulnerability
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level…

Read More
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm
VULNERABILITIES
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm
Vulnerability
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm

Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an…

Read More
Devel Group
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required