First published: Wed Oct 09 2019(Updated: )
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Endpoint Security | >=10.5.0<=10.5.5 | |
Mcafee Endpoint Security | >=10.6.0<10.6.1 | |
Mcafee Endpoint Security | =10.6.1 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3652 is a code injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update.
CVE-2019-3652 allows a local user to install malicious code using the ENS installer via code injection into EPSetup.exe.
CVE-2019-3652 affects McAfee Endpoint Security versions between 10.5.0 and 10.5.5, and versions between 10.6.0 and 10.6.1.
CVE-2019-3652 has a severity score of 5.3 (medium).
To fix CVE-2019-3652, users should update McAfee Endpoint Security to version 10.6.1 or later.