SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   McAfee Data Loss Prevention Vendors:   McAfee
McAfee Data Loss Prevention Endpoint Flaw Lets Local Users Bypass Security Restrictions
SecurityTracker Alert ID:  1040895
SecurityTracker URL:  http://securitytracker.com/id/1040895
CVE Reference:   CVE-2018-6664   (Links to External Site)
Date:  May 10 2018
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10, 11
Description:   A vulnerability was reported in McAfee Data Loss Prevention Endpoint. A local user can bypass security restrictions.

A local user can generate a Master Response String on the target endpoint system to cause the DLP Endpoint protection mode to switch to bypass mode without authorization from McAfee ePolicy Orchestrator.

Communications Security Establishment Canada (CSEC) reported this vulnerability.

Impact:   A local user can cause the DLP Endpoint protection mode to switch to bypass mode.
Solution:   McAfee has issued a fix (10.0.500, 11.0.400).

The McAfee advisory is available at:

https://kc.mcafee.com/corporate/index?page=content&id=SB10233

Vendor URL:  kc.mcafee.com/corporate/index?page=content&id=SB10233 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC