CVE-2018-6683

Published: Jul 23, 2018Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 0.7 / Impact: 6.0

Source: NVD

Description

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.

Affected (2)

Products: Mcafee: Data Loss Prevention Endpoint

1 product

Data Loss Prevention Endpoint

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Data Loss Prevention Endpoint	Before 10.0.505

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mcafee Data Loss Prevention Endpoint	Before 11.0.405

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10246

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10246

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.