Data Loss Prevention Endpoint (DLPe) - Authentication Bypass vulnerability
CVE-2018-6689

7HIGH

Key Information:

Vendor: Mcafee
Status: Data Loss Prevention Endpoint (dlpe)
Vendor: CVE Published:; 3 October 2018

Summary

Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.

Affected Version(s)

Data Loss Prevention Endpoint (DLPe) x86 10.0.0 < 10.0.0*

Data Loss Prevention Endpoint (DLPe) x86 11.0.0 < 11.0.0*

Data Loss Prevention Endpoint (DLPe) x86 10.0.510 < 10.0.510*

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041908

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 3, 2018
Vulnerability Reserved
Feb 6, 2018

Credit

McAfee credits Lockheed Martin Red Team for reporting this flaw.