Executive Summary

Informations
NameCVE-2019-3652First vendor Publication2019-10-09
VendorCveLast vendor Modification2019-10-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score4.6Attack RangeLocal
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3652

CWE : Common Weakness Enumeration

%idName
100 %CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application8
Os1

Sources (Detail)

SourceUrl
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10299

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2019-10-16 00:19:52
  • Multiple Updates
2019-10-10 00:20:03
  • First insertion