Privilege Escalation via Malicious openssl.cnf File in McAfee Agent

Privilege Escalation via Malicious openssl.cnf File in McAfee Agent

CVE-2022-0166 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

Learn more about our User Device Pen Test.