CVE-2020-7346

high

Trellix

CVSS v3 Base Score

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.1%

Exploitation probability in 30 days

Top 81% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: March 23, 2021 (1877 days ago)

Last Modified: February 23, 2026

Vendor: Trellix

Description

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.

CWE

CWE-59

Affected Products

mcafee data loss prevention

References

🔗 kc.mcafee.com 🔗 kc.mcafee.com

CVE-2020-7346

Vulnerability Report

Description

CWE

Affected Products

References