Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-1257

CWE-922CWE-401Memory Leak5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 60.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mcafee,llc Mcafee AgentMcafee Agent
Timeline
PublishedApr 14
Latest updateJun 26

Description

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 1.8 | Impact: 4.2

Affected Packages2 packages

NVDmcafee/agent< 5.7.6
CVEListV5mcafee,llc/mcafee_agentunspecified5.7.6

🔴Vulnerability Details

2
GHSA
GHSA-r8gg-2fv9-xjwj: Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 52022-04-15
CVEList
Improper Verification of Cryptographic Signature by McAfee Agent2022-04-14

💥Exploits & PoCs

1
Exploit-DB
McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information2025-06-26

📋Vendor Advisories

1
Red Hat
kernel: Bluetooth: L2CAP: Fix memory leak in vhci_write2025-05-01