CVE-2022-0166 · CVEKit

cve.orgen

413 chars

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

NVDen

413 chars

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

NVDes

468 chars

Una vulnerabilidad de escalada de privilegios en McAfee Agent versiones anteriores a 5.7.5. McAfee Agent usa el archivo openssl.cnf durante el proceso de construcción para especificar la variable OPENSSLDIR como un subdirectorio dentro del directorio de instalación. Un usuario con bajos privilegios podría haber creado subdirectorios y ejecutar código arbitrario con privilegios SYSTEM creando la ruta apropiada al archivo openssl.cnf malicioso creado específicamente

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.2	3.9	10.0	AV:L/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H