CVE-2019-3652 — MEDIUM (5.0)

Q: How severe is CVE-2019-3652?

CVE-2019-3652 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3652?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Endpoint Security, Microsoft Windows.

Vulnerability Description

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Mcafee	Endpoint Security	>= 10.5.0, <= 10.5.5
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2019-3652?

CVE-2019-3652 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code ...

How severe is CVE-2019-3652?

CVE-2019-3652 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3652?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Endpoint Security, Microsoft Windows.