CVE-2021-31842

Summary

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.

Affected Software

VendorProductVersion RangeStatus
McAfee,LLCMcAfee Endpoint Security (ENS) for WIndowsunspecified < 10.7.0 September 2021 Updateaffected

Weaknesses

  • CWE-776: CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADP Enrichment

CVE Program Container

Additional References

References