all InfoSec news
VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.
Description
CVE-2022-0166
McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows. McAfee Agent contains a privileged service that uses this OpenSSL component. A …
agent escalation location mcafee privilege privilege escalation vulnerable windows