Lucene search

TrellixCVELIST:CVE-2019-3621

HistoryJul 25, 2019 - 4:20 p.m.

CVE-2019-3621 DLP Endpoint Windows lock screen bypass with physical access

2019-07-2516:20:25

trellix

www.cve.org

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.

CNA Affected

[
  {
    "product": "Data Loss Prevention (DLPe) for Windows",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "11.3.0",
        "status": "affected",
        "version": "11.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109370

kc.mcafee.com/corporate/index?page=content&id=SB10290

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2019-3621