In brief: McAfee Agent, a component of the company’s ePolicy Orchestrator (ePO), is deployed to client machines to report data, status, and enforce policies. Earlier this week, the company released a security bulletin highlighting two CVEs affecting previous versions of the ePO Agent deployed to support ePO efforts. The company released an updated version of the Agent that effectively remediates the vulnerabilities, both of which received high severity ratings.
The bulletin identified CVE-2021-31854 and CVE-2022-0166, two high severity attack vectors that can leave any asset with McAfee ePO Agents deployed vulnerable to attack. Per the McAfee’s guidance, any implementations with Agents earlier than version 5.7.5 deployed should update the Agent or risk further exposure.
The security brief provides a detailed explanation of each CVE and cross-references the exploits against MITRE and National Institute of Standards and Technology (NIST) CVE reports.
- CVE-2021-31854—A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges.
- CVE-2022-0166—A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
McAfee has made Agent version 5.7.5 available to users and administrators tasked with remediating the vulnerabilities. The bulletin provides users of McAfee endpoint and ePO/server products with specific steps to determine whether or not their ePO and Agent implementation is vulnerable. Once deployed, any client machine with the Agent installed will no longer be susceptible to the identified exploits.
McAfee ePO is an administrative tool used to centralize the management of any endpoints (PCs, printers, other peripherals) on a user’s network. It provides administrators with the ability to centrally track and monitor various system data, events, and policies across all eligible endpoints within their environment.
Image credit: Pixelcreatures
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
Apple Barrel Acrylic Paint in Assorted Colors (2 Ounce), 20504 Black
$0.58 (as of March 12, 2025 20:22 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Stanley Quencher H2.0 Tumbler with Handle and Straw 30 oz | Flowstate 3-Position Lid | Cup Holder Compatible for Travel | Insulated Stainless Steel Cup | BPA-Free | Fuchsia
$26.25 (as of March 12, 2025 20:22 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Ninja Swirl by CREAMi Ice Cream and Soft Serve Maker, Sorbet, Milkshake, Frozen Yogurt, Low Calories Program…
$349.99 (as of March 12, 2025 19:47 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Etekcity Food Kitchen Scale, Digital Grams and Ounces for Weight Loss, Baking, Cooking, Keto and Meal Prep, LCD Display, Medium, 304 Stainless Steel
$13.99 (as of March 12, 2025 20:22 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
