Vulnerabilities > CVE-2021-23887 - Unspecified vulnerability in Mcafee Data Loss Prevention Endpoint

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

mcafee

NVD

Published: 2021-04-15

Updated: 2023-11-15

Summary

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Data Loss Prevention Endpoint *	1

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10354
https://kc.mcafee.com/corporate/index?page=content&id=SB10357