Command Injection Vulnerability in McAfee Data Loss Prevention (DLP) 11.x

Command Injection Vulnerability in McAfee Data Loss Prevention (DLP) 11.x

CVE-2019-3595 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute.

Learn more about our User Device Pen Test.