Data Loss Prevention Endpoint
CVE-2019-3621
MEDIUM
Severity by source
AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.
AnalysisAI
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine. Affected products include: Mcafee Data Loss Prevention Endpoint. Version information: prior to 11.3.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, an
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 1
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authentic
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a
Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a loc
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacke
Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today