CVE-2019-3652

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

• CVE ID
• CVE-2019-3652

• Assigner
• psirt@mcafee.com

• Vulnerability Status
• Analyzed

• Published Version
• 2019-10-09T16:15:16

• Last Modified Date
• 2019-10-15T18:02:42

• Version
• 2.0

• Vector String
• AV:L/AC:L/Au:N/C:P/I:P/A:P

• Access Vector
• LOCAL

• Access Compatibility
• LOW

• Authentication
• NONE

• Confidentiality Impact
• PARTIAL

• Integrity Impact
• PARTIAL

• Availability Impact
• PARTIAL

• Base Score
• 4.6

• Severity
• MEDIUM

• Exploitability Score
• 3.9

• Impact Score
• 6.4

• Version
• 3.1

• Vector String
• CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

• Attack Vector
• LOCAL

• Attack Compatibility
• LOW

• Privileges Required
• LOW

• User Interaction
• NONE

• Scope
• UNCHANGED

• Confidentiality Impact
• LOW

• Availability Impact
• LOW

• Base Score
• 5.3

• Base Severity
• MEDIUM

• Exploitability Score
• 1.8

• Impact Score
• 3.4