Lucene search

TrellixCVELIST:CVE-2019-3652

HistoryOct 09, 2019 - 2:21 p.m.

CVE-2019-3652 ENS code injection in EPSetup.exe

2019-10-0914:21:13

CWE-94

trellix

www.cve.org

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

CNA Affected

[
  {
    "product": "McAfee Endpoint Security (ENS)",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "10.6.1",
        "status": "affected",
        "version": "10.6.x",
        "versionType": "custom"
      },
      {
        "lessThan": "10.5.5",
        "status": "affected",
        "version": "10.5.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10299