cbcvebase.

Mcafee Llc Mcafee Agent For Windows vulnerabilities

8 known vulnerabilities affecting mcafee_llc/mcafee_agent_for_windows.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH7LOW1

Vulnerabilities

Page 1 of 1
CVE-2022-0166P3HIGHCVSS 7.8≥ unspecified, < 5.7.52022-01-19
CVE-2022-0166 [HIGH] CWE-427 CVE-2022-0166: A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.c A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathw
nvd
CVE-2021-31854P3HIGHCVSS 7.8≥ unspecified, < 5.7.52022-01-19
CVE-2021-31854 [HIGH] CWE-78 CVE-2021-31854: A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability t
nvd
CVE-2022-1256P3HIGHCVSS 7.8≥ unspecified, < 5.7.62022-04-14
CVE-2022-1256 [HIGH] CWE-269 CVE-2022-1256: A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privi A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links.
nvd
CVE-2021-31847P3HIGHCVSS 7.8≥ unspecified, < 5.7.42021-09-22
CVE-2021-31847 [HIGH] CWE-269 CVE-2021-31847: Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5. Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory us
nvd
CVE-2021-31840P3HIGHCVSS 7.3≥ unspecified, < 5.7.32021-06-10
CVE-2021-31840 [HIGH] CWE-427 CVE-2021-31840: A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for W A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the us
nvd
CVE-2021-31841P4HIGHCVSS 7.3≥ unspecified, < 5.7.42021-09-22
CVE-2021-31841 [HIGH] CWE-347 CVE-2021-31841: A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DL
nvd
CVE-2021-31836P4HIGHCVSS 7.1≥ unspecified, < 5.7.42021-09-22
CVE-2021-31836 [HIGH] CWE-269 CVE-2021-31836: Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.
nvd
CVE-2021-31839P4LOWCVSS 3.3≥ unspecified, < 5.7.32021-06-10
CVE-2021-31839 [LOW] CWE-269 CVE-2021-31839: Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a loca Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.
nvd
Mcafee Llc Mcafee Agent For Windows vulnerabilities | cvebase