CVE-2021-23886 — Improper Handling of Exceptional Conditions in LLC Mcafee Data Loss Prevention Endpoint FOR Windows

CWE-755 — Improper Handling of Exceptional Conditions3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Data Loss Prevention Endpoint FOR Windows Mcafee Data Loss Prevention Endpoint

Timeline

PublishedApr 15

Latest updateMay 24

Description

Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mcafee_llc/mcafee_data_loss_prevention_endpoint_for_windowsunspecified — 10.6.100.41

▶NVDmcafee/data_loss_prevention_endpoint< 11.6.100.41

🔴Vulnerability Details

GHSA

GHSA-67hv-ghcg-2jfq: Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11↗2022-05-24

▶

CVEList

Local Denial of Service in McAfee DLP Endpoint for Windows↗2021-04-15

▶