The bulletin identified CVE-2021-31854 and CVE-2022-0166, two high severity attack vectors that can leave any asset with McAfee ePO Agents deployed vulnerable to attack. Per the McAfee’s guidance, any implementations with Agents earlier than version 5.7.5 deployed should update the Agent or risk further exposure. The security brief provides a detailed explanation of each CVE and cross-references the exploits against MITRE and National Institute of Standards and Technology (NIST) CVE reports.
McAfee has made Agent version 5.7.5 available to users and administrators tasked with remediating the vulnerabilities. The bulletin provides users of McAfee endpoint and ePO/server products with specific steps to determine whether or not their ePO and Agent implementation is vulnerable. Once deployed, any client machine with the Agent installed will no longer be susceptible to the identified exploits. McAfee ePO is an administrative tool used to centralize the management of any endpoints (PCs, printers, other peripherals) on a user’s network. It provides administrators with the ability to centrally track and monitor various system data, events, and policies across all eligible endpoints within their environment. Image credit: Pixelcreatures