Publish CVE-2019-3652

SB is already live.
2025-08-04 08:44:25 +00:00 · 2019-10-09 14:28:57 +05:30 · 2019-10-09 14:28:57 +05:30 · 93eaebc5b3
commit 93eaebc5b3
parent df707179ca
1 changed files with 78 additions and 4 deletions
--- a/2019/3xxx/CVE-2019-3652.json
+++ b/2019/3xxx/CVE-2019-3652.json
@ -1,8 +1,39 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@mcafee.com",
        "ID": "CVE-2019-3652",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "ENS code injection in EPSetup.exe"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "McAfee Endpoint Security (ENS)",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "10.6.x",
+                                            "version_value": "10.6.1"
+                                        },
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "10.5.x",
+                                            "version_value": "10.5.5"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "McAfee, LLC"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +42,51 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.8"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "LOW",
+            "baseScore": 5,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10299",
+                "refsource": "CONFIRM",
+                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10299"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "EXTERNAL"
    }
-}
+}