{"api_version":"1","generated_at":"2026-04-22T22:41:03+00:00","cve":"CVE-2021-23887","urls":{"html":"https://cve.report/CVE-2021-23887","api":"https://cve.report/api/cve/CVE-2021-23887.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-23887","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-23887"},"summary":{"title":"CVE-2021-23887","description":"Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.","state":"PUBLIC","assigner":"psirt@mcafee.com","published_at":"2021-04-15 08:15:00","updated_at":"2023-11-15 21:17:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10357","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10357","refsource":"CONFIRM","tags":[],"title":"McAfee Security Bulletin - Data Loss Prevention Endpoint for Windows update fixes two vulnerabilities (CVE-2021-23886 and CVE-2021-23887)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10354","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10354","refsource":"","tags":[],"title":"McAfee Security Bulletin - Endpoint Security for Windows update fixes one vulnerability (CVE-2020-7308)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-23887","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23887","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"23887","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"data_loss_prevention_endpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-23887","qid":"375545","title":"McAfee Data Loss Prevention Endpoint Multiple Vulnerabilities(SB10357)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@mcafee.com","ID":"CVE-2021-23887","STATE":"PUBLIC","TITLE":"Privilege escalation in McAfee DLP Endpoint for Windows"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"McAfee Data Loss Prevention (DLP) Endpoint for Windows","version":{"version_data":[{"version_affected":"<","version_value":"10.6.100.41"}]}}]},"vendor_name":"McAfee,LLC"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-269: Privilege escalation vulnerability  "}]}]},"references":{"reference_data":[{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10354","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10354"},{"refsource":"CONFIRM","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10357","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10357"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-04-15 08:15:00","lastModifiedDate":"2023-11-15 21:17:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:windows:*:*","versionEndExcluding":"11.6.100.41","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"23887","Ordinal":"198627","Title":"CVE-2021-23887","CVE":"CVE-2021-23887","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"23887","Ordinal":"1","NoteData":"Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"23887","Ordinal":"2","NoteData":"2021-04-15","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"23887","Ordinal":"3","NoteData":"2021-04-15","Type":"Other","Title":"Modified"}]}}}