Authentication bypass in McAfee Data Loss Prevention Endpoint



Published: 2018-10-15
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-6689
CWE-ID CWE-592
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		McAfee Data Loss Prevention Endpoint
Server applications / DLP, anti-spam, sniffers

Vendor McAfee

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Authentication bypass

EUVDB-ID: #VU15365

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-6689

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: No

Description

The vulnerability allows a physical attacker to bypass authentication on the target system.

The weakness exists due to unspecified flaw. A physical attacker can access a user's session on a locked Windows machine if certain DLP Endpoint configurations are made by the DLP Endpoint administrator, include hyperlinks in user notification dialogs and bypass authentication to perform specific actions on a protected machine.

Mitigation

The vulnerability has been fixed in the versions 10.0.510, 11.0.600.

Vulnerable software versions

McAfee Data Loss Prevention Endpoint: 10.0.0 - 11.0.500

External links

http://kc.mcafee.com/corporate/index?page=content&id=SB10252


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###