CVE-2022-0129

EUVD-2022-15342
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H
trellixCNA
7.4 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
mcafeetechcheck
𝑥
< 4.0.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://service.mcafee.com/?articleId=TS103243
https://service.mcafee.com/?articleId=TS103243