7.8 - VU#287178

Executive Summary

Summary
Title	McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Informations
Name	VU#287178	First vendor Publication	2022-01-20
Vendor	VU-CERT	Last vendor Modification	2022-01-20
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7.8
Base Score	7.8	Environmental Score	7.8
impact SubScore	5.9	Temporal Score	7.8
Exploitabality Sub Score	1.8

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Overview

McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.

Description

CVE-2022-0166

McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows. McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

Impact

By placing a specially-crafted openssl.cnf in a location used by McAfee Agent, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable McAfee Agent software installed.

Solution

Apply an update

This vulnerability is addressed in McAfee Agent version 5.7.5.

Acknowledgements

This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Original Source

Url : https://kb.cert.org/vuls/id/287178

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-427	Uncontrolled Search Path Element

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mcafee Agent cpe:2.3:a:mcafee:agent:5.6.0:::::::* cpe:2.3:a:mcafee:agent:5.5.1:::::linux:: cpe:2.3:a:mcafee:agent:5.5.1:::::::* cpe:2.3:a:mcafee:agent:5.5.0:::::linux:: cpe:2.3:a:mcafee:agent:5.5.0:::::::* cpe:2.3:a:mcafee:agent:4.0:::::::* cpe:2.3:a:mcafee:agent:::::::: cpe:2.3:a:mcafee:agent::::::windows::*	8

Alert History

If you want to see full details history, please login or register.

Date	Informations
2022-01-26 00:29:24	Multiple Updates
2022-01-21 00:17:41	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	8

	Related
7.8	CVE-2022-0166
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)