CVE-2022-0166

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

Published: Jan 19, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-0166
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-269
CWE-427

Affected Software
References

Software	From	Fixed in
mcafee / agent	-	5.7.5

https://kc.mcafee.com/corporate/index?page=content&id=SB10378
https://www.kb.cert.org/vuls/id/287178

Vulnerability Database

289,697

CVE-2022-0166