ENS code injection in EPSetup.exe
CVE-2019-3652

5MEDIUM

Key Information:

Vendor: Mcafee, Llc
Status: Mcafee Endpoint Security (ens)
Vendor: CVE Published:; 9 October 2019

Summary

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

Affected Version(s)

McAfee Endpoint Security (ENS) 10.6.x < 10.6.1

McAfee Endpoint Security (ENS) 10.5.x < 10.5.5

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 9, 2019
Vulnerability Reserved
Jan 3, 2019