CVE-2018-6683

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.4HIGH
EPSS
0.0%
top 87.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee Data Loss Prevention (dlp) FOR WindowsMcafee Data Loss Prevention Endpoint
Timeline
PublishedJul 23
Latest updateMay 13

Description

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 0.7 | Impact: 6.0

Affected Packages2 packages

CVEListV5mcafee/data_loss_prevention_(dlp)_for_windows10.x10.0.505+1

🔴Vulnerability Details

2
GHSA
GHSA-4v28-8jj3-x7g5: Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 102022-05-13
CVEList
- Data Loss Prevention (DLP) for Windows - Exploiting Incorrectly Configured Access Control Security Levels vulnerability2018-07-23