Vulnerability-Lookup

CNVD-2018-11439

Vulnerability from cnvd - Published: 2018-06-13

Title

McAfee Data Loss Prevention Endpoint本地安全绕过漏洞

Description

McAfee Data Loss Prevention（DLP）Endpoint是美国迈克菲（McAfee）公司的一套集成式终端数据保护解决方案。该方案能够防止机密数据被盗和意外泄露，并提供针对文件处理和传输的安全策略、共享终端数据流控制和数据加密等功能。 McAfee DLP Endpoint 10.0.500之前版本和11.0.400之前版本中存在安全漏洞。攻击者可借助命令行实用程序利用该漏洞绕过安全限制。

Severity

中

Patch Name

McAfee Data Loss Prevention Endpoint本地安全绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id=SB10233

Reference

https://securitytracker.com/id/1040895

Impacted products

Name
['McAfee Data Loss Prevention Endpoint <10.0.500', 'McAfee Data Loss Prevention Endpoint <11.0.400']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104299"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6664"
    }
  },
  "description": "McAfee Data Loss Prevention\uff08DLP\uff09Endpoint\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u96c6\u6210\u5f0f\u7ec8\u7aef\u6570\u636e\u4fdd\u62a4\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u9632\u6b62\u673a\u5bc6\u6570\u636e\u88ab\u76d7\u548c\u610f\u5916\u6cc4\u9732\uff0c\u5e76\u63d0\u4f9b\u9488\u5bf9\u6587\u4ef6\u5904\u7406\u548c\u4f20\u8f93\u7684\u5b89\u5168\u7b56\u7565\u3001\u5171\u4eab\u7ec8\u7aef\u6570\u636e\u6d41\u63a7\u5236\u548c\u6570\u636e\u52a0\u5bc6\u7b49\u529f\u80fd\u3002\r\n\r\nMcAfee DLP Endpoint 10.0.500\u4e4b\u524d\u7248\u672c\u548c11.0.400\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002",
  "discovererName": "Communications Security Establishment Canada (CSEC)",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10233",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11439",
  "openTime": "2018-06-13",
  "patchDescription": "McAfee Data Loss Prevention\uff08DLP\uff09Endpoint\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u96c6\u6210\u5f0f\u7ec8\u7aef\u6570\u636e\u4fdd\u62a4\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u9632\u6b62\u673a\u5bc6\u6570\u636e\u88ab\u76d7\u548c\u610f\u5916\u6cc4\u9732\uff0c\u5e76\u63d0\u4f9b\u9488\u5bf9\u6587\u4ef6\u5904\u7406\u548c\u4f20\u8f93\u7684\u5b89\u5168\u7b56\u7565\u3001\u5171\u4eab\u7ec8\u7aef\u6570\u636e\u6d41\u63a7\u5236\u548c\u6570\u636e\u52a0\u5bc6\u7b49\u529f\u80fd\u3002\r\n\r\nMcAfee DLP Endpoint 10.0.500\u4e4b\u524d\u7248\u672c\u548c11.0.400\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Data Loss Prevention Endpoint\u672c\u5730\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "McAfee Data Loss Prevention Endpoint \u003c10.0.500",
      "McAfee Data Loss Prevention Endpoint \u003c11.0.400"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1040895",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-11",
  "title": "McAfee Data Loss Prevention Endpoint\u672c\u5730\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-6664 (GCVE-0-2018-6664)

Vulnerability from cvelistv5 – Published: 2018-05-25 13:00 – Updated: 2024-09-16 17:54

Title

SB10233 - Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 - Application Protections Bypass vulnerability

Summary

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:H

CWE

Application Protection Bypass vulnerability

Assigner

trellix

References

URL

Tags

	http://www.securityfocus.com/bid/104299	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1040895	vdb-entryx_refsource_SECTRACK
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

McAfee

Data Loss Prevention (DLP) Endpoint

Affected: 10 , < 10.0.500 (custom)

McAfee

Data Loss Prevention (DLP) Endpoint

Affected: 11 , < 11.0.400 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:10:10.839Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104299",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104299"
          },
          {
            "name": "1040895",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040895"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x86"
          ],
          "product": "Data Loss Prevention (DLP) Endpoint",
          "vendor": "McAfee",
          "versions": [
            {
              "lessThan": "10.0.500",
              "status": "affected",
              "version": "10",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Data Loss Prevention (DLP) Endpoint",
          "vendor": "McAfee",
          "versions": [
            {
              "lessThan": "11.0.400",
              "status": "affected",
              "version": "11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Application Protection Bypass vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-30T09:57:01",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "name": "104299",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104299"
        },
        {
          "name": "1040895",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040895"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10237"
        }
      ],
      "source": {
        "advisory": "SB10233",
        "discovery": "EXTERNAL"
      },
      "title": "SB10233 - Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 - Application Protections Bypass vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "DATE_PUBLIC": "2018-05-08T17:00:00.000Z",
          "ID": "CVE-2018-6664",
          "STATE": "PUBLIC",
          "TITLE": "SB10233 - Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 - Application Protections Bypass vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Data Loss Prevention (DLP) Endpoint",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "platform": "x86",
                            "version_affected": "\u003c",
                            "version_name": "10",
                            "version_value": "10.0.500"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Data Loss Prevention (DLP) Endpoint",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "11",
                            "version_value": "11.0.400"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Application Protection Bypass vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104299",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104299"
            },
            {
              "name": "1040895",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040895"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10237",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10237"
            }
          ]
        },
        "source": {
          "advisory": "SB10233",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2018-6664",
    "datePublished": "2018-05-25T13:00:00Z",
    "dateReserved": "2018-02-06T00:00:00",
    "dateUpdated": "2024-09-16T17:54:18.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-11439

CVE-2018-6664 (GCVE-0-2018-6664)

Tags

Sightings

Nomenclature