High Threat Security Alert (A22-01-18): Multiple Vulnerabilities in McAfee Agent
24 January 2022
McAfee has released a security advisory to address multiple vulnerabilities in McAfee Agent for Windows. An authenticated attacker could inject arbitrary code into the agent to exploit the vulnerability.
Reports indicate a command injection vulnerability (CVE-2021-31854) and a privilege escalation vulnerability (CVE-2022-0166) in McAfee Agent for Windows are at high risk of exploitation. You are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.
McAfee Agent for Windows with version prior to 5.7.5
Successful exploitation of the vulnerabilities could lead to arbitrary code execution and privilege escalation on an affected system.
McAfee has released a new version of the product to address the issue. System administrators of affected systems should follow the recommendations provided and take immediate actions to mitigate the risk.