CVE-2021-23887
Summary
| CVE | CVE-2021-23887 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-15 08:15:00 UTC |
| Updated | 2023-11-15 21:17:00 UTC |
| Description | Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Data Loss Prevention Endpoint | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| McAfee Security Bulletin - Data Loss Prevention Endpoint for Windows update fixes two vulnerabilities (CVE-2021-23886 and CVE-2021-23887) | CONFIRM | kc.mcafee.com | |
| McAfee Security Bulletin - Endpoint Security for Windows update fixes one vulnerability (CVE-2020-7308) | kc.mcafee.com | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 375545 McAfee Data Loss Prevention Endpoint Multiple Vulnerabilities(SB10357)