CVE-2020-7346: Privilege escalation in McAfee DLP Endpoint for Windows
First published: Tue Mar 23 2021(Updated: )
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Data Loss Prevention | <11.6.100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-7346?
CVE-2020-7346 is a privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to version 11.6.100.
How severe is CVE-2020-7346?
CVE-2020-7346 has a severity score of 7.8, which is considered high.
How does CVE-2020-7346 work?
CVE-2020-7346 allows a local, low privileged attacker to load DLLs of their choosing through the use of junctions in McAfee Data Loss Prevention (DLP) for Windows.
What is the affected software version of CVE-2020-7346?
The affected software version of CVE-2020-7346 is McAfee Data Loss Prevention (DLP) for Windows prior to version 11.6.100.
Where can I find more information about CVE-2020-7346?
You can find more information about CVE-2020-7346 on the McAfee support website: https://kc.mcafee.com/corporate/index?page=content&id=SB10344
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/remedy
- agent/references
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/mcafee
- canonical/mcafee data loss prevention