DLP Endpoint Windows lock screen bypass with physical access
CVE-2019-3621

6.8MEDIUM

Key Information:

Vendor: Mcafee, Llc
Status: Data Loss Prevention (dlpe) For Windows
Vendor: CVE Published:; 25 July 2019

🔔 Create Mcafee, Llc Vulnerability Alert

What is CVE-2019-3621?

Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.

Affected Version(s)

Data Loss Prevention (DLPe) for Windows 11.x < 11.3.0

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/109370

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 25, 2019
Vulnerability Reserved
Jan 3, 2019

JSON