High Threat Security Alert (A22-01-18): Multiple Vulnerabilities in McAfee Agent


 

Published on: 24 January 2022

  
  

Description:

McAfee has released a security advisory to address multiple vulnerabilities in McAfee Agent for Windows. An authenticated attacker could inject arbitrary code into the agent to exploit the vulnerability.

Reports indicate a command injection vulnerability (CVE-2021-31854) and a privilege escalation vulnerability (CVE-2022-0166) in McAfee Agent for Windows are at high risk of exploitation. You are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • McAfee Agent for Windows with version prior to 5.7.5

 

Impact:

Successful exploitation of the vulnerabilities could lead to arbitrary code execution and privilege escalation on an affected system.

 

Recommendation:

McAfee has released a new version of the product to address the issue. System administrators of affected systems should follow the recommendations provided and take immediate actions to mitigate the risk.

 

More Information:

  • https://kc.mcafee.com/corporate/index?page=content&id=SB10378
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/01/21/mcafee-releases-security-update-mcafee-agent-windows
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31854
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0166

 



Tag: McAfee , McAfee Agent
Tags