Description
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10378
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/287178
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
18.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
mcafee/agent
< 5.7.5
Published
Jan 19, 2022
Tracked Since
Feb 18, 2026