Lucene search

TrellixCVELIST:CVE-2023-0400

HistoryFeb 01, 2023 - 4:34 p.m.

CVE-2023-0400

2023-02-0116:34:09

CWE-670

trellix

www.cve.org

vulnerability

dlp

windows 11.9.x

local user

bypass controls

uploading data

mapped drive

web email client

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

Percentile

5.1%

JSON

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Data Loss Prevention (DLP)",
    "vendor": "Trellix",
    "versions": [
      {
        "lessThanOrEqual": "11.9.x",
        "status": "affected",
        "version": "11.9.100",
        "versionType": "custom"
      }
    ]
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-0400