Incorrect Default Permissions

CVE-2018-6683

High

7.2/10

Summary

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

Published Jul 23, 2018

Incorrect Default Permissions

CVE-2018-6683

Summary

CWE-276 - Incorrect Default Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS