CVE-2023-0400 - Vulnerability Details - OpenCVE

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00108.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows
Trellix	Data Loss Prevention

Configuration 1 [-]

AND

cpe:2.3:a:trellix:data_loss_prevention:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-12460	The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

Fixes

Solution

Customers should upgrade to version 11.10.0.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00045}`	epss `{'score': 0.00052}`

Wed, 26 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2023-02-01T16:34:09.911Z

Updated: 2025-03-26T14:30:54.816Z

Reserved: 2023-01-19T11:50:39.778Z

Link: CVE-2023-0400

Vulnrichment

Updated: 2024-08-02T05:10:55.927Z

NVD

Status : Modified

Published: 2023-02-02T09:15:08.503

Modified: 2024-11-21T07:37:07.010

Link: CVE-2023-0400

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0400", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "state": "PUBLISHED", "assignerShortName": "trellix", "dateReserved": "2023-01-19T11:50:39.778Z", "datePublished": "2023-02-01T16:34:09.911Z", "dateUpdated": "2025-03-26T14:30:54.816Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Data Loss Prevention (DLP)", "vendor": "Trellix", "versions": [{"lessThanOrEqual": "11.9.x", "status": "affected", "version": "11.9.100", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.</span>\n\n"}], "value": "\nThe protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.\n\n"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-02-02T08:17:29.178Z"}, "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers should upgrade to version 11.10.0.</span><br>"}], "value": "\nCustomers should upgrade to version 11.10.0.\n"}], "source": {"advisory": "SB10394", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:55.927Z"}, "title": "CVE Program Container", "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T14:30:40.411350Z", "id": "CVE-2023-0400", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T14:30:54.816Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:55.927Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0400", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-26T14:30:40.411350Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T14:30:47.006Z"}}], "cna": {"source": {"advisory": "SB10394", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Trellix", "product": "Data Loss Prevention (DLP)", "versions": [{"status": "affected", "version": "11.9.100", "versionType": "custom", "lessThanOrEqual": "11.9.x"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nCustomers should upgrade to version 11.10.0.\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers should upgrade to version 11.10.0.</span><br>", "base64": false}]}], "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nThe protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-02-02T08:17:29.178Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0400", "state": "PUBLISHED", "dateUpdated": "2025-03-26T14:30:54.816Z", "dateReserved": "2023-01-19T11:50:39.778Z", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "datePublished": "2023-02-01T16:34:09.911Z", "assignerShortName": "trellix"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trellix:data_loss_prevention:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DA8FA9A-5DAC-4117-8311-F5DDE0338677", "versionEndExcluding": "11.10.0", "versionStartIncluding": "11.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nThe protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.\n\n"}], "evaluatorComment": "m", "id": "CVE-2023-0400", "lastModified": "2024-11-21T07:37:07.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-02T09:15:08.503", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}