CVE-2019-3652Code Injection in LLC Mcafee Endpoint Security

CWE-94Code Injection3 documents3 sources
Severity
5.3MEDIUMNVD
CNA5.0
EPSS
0.1%
top 68.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedOct 9
Latest updateMay 24

Description

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

NVDmcafee/endpoint_security10.6.010.6.1+2
CVEListV5mcafee_llc/mcafee_endpoint_security10.6.x10.6.1+1

🔴Vulnerability Details

2
GHSA
GHSA-rxpf-v99c-5pj8: Code Injection vulnerability in EPSetup2022-05-24
CVEList
ENS code injection in EPSetup.exe2019-10-09
CVE-2019-3652 — Code Injection | cvebase