search menu icon-carat-right cmu-wordmark

CERT Coordination Center

McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Vulnerability Note VU#287178

Original Release Date: 2022-01-20 | Last Revised: 2022-01-20

Overview

McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.

Description

CVE-2022-0166

McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows. McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

Impact

By placing a specially-crafted openssl.cnf in a location used by McAfee Agent, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable McAfee Agent software installed.

Solution

Apply an update

This vulnerability is addressed in McAfee Agent version 5.7.5.

Acknowledgements

This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Vendor Information

287178
 

McAfee Affected

Notified:  2021-11-16 Updated: 2022-01-20

Statement Date:   January 19, 2022

CVE-2022-0166 Affected

Vendor Statement

Fix released and published - https://kc.mcafee.com/corporate/index?page=content&id=SB10378


Other Information

CVE IDs: CVE-2022-0166
Date Public: 2022-01-20
Date First Published: 2022-01-20
Date Last Updated: 2022-01-20 21:47 UTC
Document Revision: 1

Sponsored by CISA.