SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   McAfee Data Loss Prevention Vendors:   McAfee
McAfee Data Loss Prevention Access Control Flaw Lets Local Users Bypass Security Restrictions
SecurityTracker Alert ID:  1041908
SecurityTracker URL:  http://securitytracker.com/id/1041908
CVE Reference:   CVE-2018-6689   (Links to External Site)
Date:  Oct 18 2018
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in McAfee Data Loss Prevention. A local user can bypass security restrictions.

A local user can bypass security controls on the target user's locked Windows system if certain DLP Endpoint configurations have been made by the DLP Endpoint administrator to include hyperlinks in user notification dialogs.

Lockheed Martin Red Team reported this vulnerability.

Impact:   A local user can bypass security controls on the target system.
Solution:   McAfee has issued a fix (10.0.510, 11.0.600).

The McAfee advisory is available at:

https://kc.mcafee.com/corporate/index?page=content&id=SB10252

Vendor URL:  kc.mcafee.com/corporate/index?page=content&id=SB10252 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC