CVE-2022-0129

Description

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.

CVSS Version 3.1
CVSS Version 2.0

nvd
CVE ID: CVE-2022-0129
Base Score: 6.7
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 0.8

trellix
CVE ID: CVE-2022-0129
Base Score: 7.4
Base Severity: HIGH
Vector String:CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H
Impact Score: 5.8
Exploitability Score: 1.1

nvd
CVE ID: CVE-2022-0129
Base Score: 7.2
Base Severity: HIGH
Vector String:AV:L/AC:L/Au:N/C:C/I:C/A:C

Refrence: NVD MITRE

Description​

Description