CVE-2019-3621

Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.

Published: Jul 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3621
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.2
AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mcafee / data_loss_prevention_endpoint	11.0	11.1.200
mcafee / data_loss_prevention_endpoint	11.2.000	11.3.0

http://www.securityfocus.com/bid/109370
https://kc.mcafee.com/corporate/index?page=content&id=SB10290

Vulnerability Database

289,697

CVE-2019-3621