QID 375545

Date Published: 2021-05-13

QID 375545: McAfee Data Loss Prevention Endpoint Multiple Vulnerabilities (SB10357)

McAfee Data Loss Prevention (DLP) Endpoint safeguards intellectual property and ensures compliance by protecting sensitive data on endpoint systems.

It is affected by the following CVEs:
CVE-2021-23886: Improper Handling of Exceptional Conditions
CVE-2021-23887: Privilege escalation vulnerability

Affected Versions:
McAfee DLP Endpoint for Windows prior to Hotfix (HF) 11.6.100.41

QID Detection Logic: (Authenticated)
This QID checks for vulnerable versions of McAfee Data Loss Prevention Endpoint by checking the file version of fcag.exe.

A successful attack allows a local, low-privileged attacker to cause a BSoD by suspending a process, modifying the process's memory and restarting it.
This is triggered by the hdlphook driver reading invalid memory.

  • CVSS V3 rated as High - 7.8 severity.
  • CVSS V2 rated as High - 7.2 severity.

Solution:
Customers are advised to update Data Loss Prevention Endpoint (DLP Endpoint) or install Hotfix 11.6.100.41. For more information, please visit SB10357.

Software Advisories:
Advisory ID: SB10357
Software Component: Windows
Link: kc.mcafee.com/corporate/index?page=content&id=SB10357