← back
CVE-2021-23887

Privilege escalation in McAfee DLP Endpoint for Windows

CVSS 7.8 HIGHEPSS 0.2%CWE-269
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Apr 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
McAfee,LLC · McAfee Data Loss Prevention (DLP) Endpoint for Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10354https://kc.mcafee.com/corporate/index?page=content&id=SB10357