CVE-2019-3652 Vulnerability Details

  /     /     /  

CVE-2019-3652 Metadata Quick Info

CVE Published: 09/10/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: trellix | Vendor: McAfee, LLC | Product: McAfee Endpoint Security (ENS)
Status : PUBLISHED

CVE-2019-3652 Description

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

Metrics

CVSS Version: 3.1 | Base Score: 5 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-94
CWE Name: CWE-94 Improper Control of Generation of Code ( Code Injection )
Source: McAfee, LLC

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2019-3652 Vulnerability Details