CVE-2021-23887 — Improper Privilege Management in LLC Mcafee Data Loss Prevention Endpoint FOR Windows

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 89.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Data Loss Prevention Endpoint FOR Windows Mcafee Data Loss Prevention Endpoint

Timeline

PublishedApr 15

Latest updateMay 24

Description

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5mcafee_llc/mcafee_data_loss_prevention_endpoint_for_windowsunspecified — 10.6.100.41

▶NVDmcafee/data_loss_prevention_endpoint< 11.6.100.41

🔴Vulnerability Details

GHSA

GHSA-gjh7-83g9-wq47: Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11↗2022-05-24

▶

CVEList

Privilege escalation in McAfee DLP Endpoint for Windows↗2021-04-15

▶