McAfee issues security bulletin, patches bugs that can lead to system level privileges

In brief: McAfee Agent, a component of the company’s ePolicy Orchestrator (ePO), is deployed to client machines to report data and status and to enforce policies. Earlier this week, the company released a security bulletin highlighting two CVEs affecting previous versions of the ePO Agent. The company also released an updated version of the Agent that remediates the vulnerabilities, both of which received high severity ratings.

The bulletin identified CVE-2021-31854 and CVE-2022-0166, two high-severity attack vectors that can leave any asset with McAfee ePO Agents deployed vulnerable to attack. Per McAfee’s guidance, any implementation with Agents earlier than version 5.7.5 deployed should update the Agent or risk further exposure.

The security brief provides a detailed explanation of each CVE and cross-references the exploits against MITRE and National Institute of Standards and Technology (NIST) CVE reports.

  • CVE-2021-31854—A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges.
  • CVE-2022-0166—A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
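
A defensive check for the condition CVE-2022-0166 describes, added here as an example (not code from McAfee's bulletin): it finds the nearest existing ancestor of an OPENSSLDIR path and lists principals other than SYSTEM, Administrators and TrustedInstaller that may create files or folders there. The default path is a constructed placeholder, and the trusted-SID list is an assumption to adjust for your environment.

```powershell
# Added example: the default path is a constructed placeholder, not a value
# from the McAfee bulletin. Supply the OPENSSLDIR path you are auditing.
param([string]$OpenSslDir = 'C:\placeholder\openssl-dir')

$rights      = [System.Security.AccessControl.FileSystemRights]
$createMask  = [int]($rights::CreateDirectories -bor $rights::CreateFiles)
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Well-known SIDs expected to hold write access (locale-independent).
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# If OPENSSLDIR does not exist, whoever can create it controls openssl.cnf,
# so audit the nearest ancestor directory that does exist.
$probe = $OpenSslDir
while ($probe -and -not (Test-Path -LiteralPath $probe -PathType Container)) {
    $probe = Split-Path -Path $probe -Parent
}
if (-not $probe) { throw "No existing ancestor directory for '$OpenSslDir'" }

$acl     = Get-Acl -LiteralPath $probe
$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    # Inherit-only ACEs apply to children, not to this directory itself.
    if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
    if (([int]$rule.FileSystemRights -band $createMask) -eq 0) { continue }
    if ($trustedSids -contains $rule.IdentityReference.Value) { continue }
    [pscustomobject]@{
        Directory = $probe
        Sid       = $rule.IdentityReference.Value
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

if ($findings) {
    Write-Warning "Non-admin principals can create entries under '$probe':"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No non-admin create rights on '$probe' (Deny ACEs not evaluated)."
}
```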

McAfee has made Agent version 5.7.5 available to users and administrators tasked with remediating the vulnerabilities. The bulletin provides users of McAfee endpoint and ePO/server products with specific steps to determine whether their ePO and Agent implementation is vulnerable. Once version 5.7.5 is deployed, any client machine with the Agent installed will no longer be susceptible to the identified exploits.

McAfee ePO is an administrative tool used to centralize the management of any endpoints (PCs, printers, other peripherals) on a user’s network. It provides administrators with the ability to centrally track and monitor various system data, events, and policies across all eligible endpoints within their environment.

Image credit: Pixelcreatures
