CVE-2022-0166: 
Trellix Agent vulnerability analysis and mitigation

A privilege escalation vulnerability was discovered in McAfee Agent versions prior to 5.7.5, identified as CVE-2022-0166. The vulnerability stems from the McAfee Agent's use of openssl.cnf during the build process, where it specifies the OPENSSLDIR variable as a subdirectory within the installation directory (CERT VU, NVD).

The vulnerability exists in the OpenSSL component of McAfee Agent, which comes bundled with various McAfee products such as McAfee Endpoint Security. The issue arises from the specification of an OPENSSLDIR variable as a subdirectory that could be controlled by an unprivileged user on Windows. The McAfee Agent contains a privileged service that uses this OpenSSL component, creating a potential security risk (CERT VU).

When successfully exploited, this vulnerability allows a low-privileged user to execute arbitrary code with SYSTEM privileges on a Windows system where the vulnerable McAfee Agent software is installed (CERT VU).

The vulnerability has been addressed in McAfee Agent version 5.7.5. Users are advised to update to this version or later to mitigate the security risk (CERT VU).