CVE-2023-0400
Published: 02 February 2023
Summary
CVE-2023-0400 is a medium-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Trellix Data Loss Prevention. Its CVSS base score is 5.9 (Medium).
Operationally, ranked at the 26.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12460
Vulnerability details
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local…
more
driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.