Security News > 2022 > January > McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
2022-01-21 17:13

McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM. According to McAfee's bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint Security, among other McAfee products.

Cnf in a location used by McAfee Agent and thus potentially be able to execute arbitrary code with SYSTEM privileges on a Windows system that has the vulnerable McAfee Agent software installed.

The second bug in the Agent - tracked as CVE-2021-31854 and given a CVSS criticality rating of 7.7 - can be exploited by a local user to inject arbitrary shell code into a file, McAfee said in its advisory.

"The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree," according to McAfee.

Wells told Security Week that exploiting this bug requires access to the McAfee ePO host, as in, the underlying Windows host, not the application itself.

That earlier bug involved DLL injection in McAfee Agent that could have allowed a local administrator to kill or tamper with the antivirus, without knowing the McAfee password.


News URL

https://threatpost.com/mcafee-bug-windows-system-privileges/177857/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2021-31854 OS Command Injection vulnerability in Mcafee Agent
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe.
local
low complexity
mcafee CWE-78
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mcafee 67 17 199 168 24 408