McAfee Agent runs code with SYSTEM privileges

McAfee Agent for Windows contained a serious vulnerability that allowed code to run with SYSTEM privileges. The company has fixed the vulnerability (CVE-2022-0166), which existed in products such as McAfee Endpoint Security through an OpenSSL component. The same is true for a second vulnerability, CVE-2021-31854.

The CERT Coordination Center at Carnegie Mellon University described the vulnerability CVE-2022-0166, discovered by Will Dormann, on 20 January 2022.

McAfee Agent ships with various McAfee products, such as McAfee Endpoint Security, and includes an OpenSSL component. This component defines its OPENSSLDIR variable as a subdirectory that an unprivileged user on Windows can write to and control.

McAfee Agent also has a privileged service that uses this OpenSSL component. So a user who can place a specially crafted openssl.cnf in the appropriate path can run arbitrary code with SYSTEM privileges.
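The following audit sketch is an added example, not code from McAfee or CERT: it pulls the OPENSSLDIR value that OpenSSL builds embed as a string (the same text `openssl version -d` prints) out of a binary image and flags values that resolve outside admin-only directories on Windows. The protected-roots list, the function names and the two sample byte strings are assumptions constructed for illustration; the page does not state the path McAfee Agent used.

```python
import re
from pathlib import PureWindowsPath

# OpenSSL compiles its configuration directory into the library in this form.
OPENSSLDIR_RE = re.compile(rb'OPENSSLDIR: "([^"\x00]{1,260})"')

# Assumption: locations only administrators can write to on a default install.
PROTECTED_ROOTS = (
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
    PureWindowsPath(r"C:\Windows"),
)

# Constructed sample images, not taken from any real product.
SAMPLE_UNIX_STYLE = b'\x00compiler: cl\x00OPENSSLDIR: "/usr/local/ssl"\x00'
SAMPLE_PROTECTED = b'\x00OPENSSLDIR: "C:\\Program Files\\Common Files\\SSL"\x00'


def embedded_openssldirs(blob: bytes) -> list[str]:
    """Return every OPENSSLDIR value compiled into a binary image."""
    return [m.decode("latin-1") for m in OPENSSLDIR_RE.findall(blob)]


def resolve_on_windows(raw: str, drive: str = "C:") -> PureWindowsPath:
    """A path with no drive letter (e.g. a Unix-style default) lands on the
    current drive's root, where standard users can usually create folders."""
    p = PureWindowsPath(raw)
    return p if p.drive else PureWindowsPath(drive + "\\") / raw.lstrip("/\\")


def audit(blob: bytes) -> list[tuple[str, str, bool]]:
    """Return (raw value, resolved path, needs_review) per embedded OPENSSLDIR."""
    results = []
    for raw in embedded_openssldirs(blob):
        resolved = resolve_on_windows(raw)
        # PureWindowsPath equality is case-insensitive, matching NTFS behaviour.
        protected = any(r == resolved or r in resolved.parents
                        for r in PROTECTED_ROOTS)
        results.append((raw, str(resolved), not protected))
    return results


if __name__ == "__main__":
    for name, blob in (("unix-style", SAMPLE_UNIX_STYLE),
                       ("protected", SAMPLE_PROTECTED)):
        for raw, resolved, review in audit(blob):
            print(f"{name}: {raw!r} -> {resolved} review_acl={review}")
```

A flagged path is a prompt to inspect the directory's ACL (and whether it exists at all), not proof that the binary is exploitable.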

This vulnerability has been fixed in version 5.7.5 of McAfee Agent. McAfee published a security bulletin about it, which states that, in addition to CVE-2022-0166, it also fixed a second vulnerability, CVE-2021-31854 (discovered by Russell Wells of Cyberlinx Security).

The second vulnerability allowed commands to be injected into McAfee Agent (MA) before version 5.7.5, which made it easier for users to pass malicious shell code into the cleanup.exe file.

Tip: Basically McAfee Agent is of no use to you and you could remove it without any problem….


Written by giorgos
