Vulnerabilities > CVE-2021-31842 - XML Entity Expansion vulnerability in Mcafee Endpoint Security

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

mcafee

CWE-776

NVD

Published: 2021-09-17

Updated: 2023-11-07

Summary

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Endpoint Security 10.5.0 Mcafee Endpoint Security 10.5.1 Mcafee Endpoint Security 10.5.2 Mcafee Endpoint Security 10.5.3 Mcafee Endpoint Security 10.5.4 Mcafee Endpoint Security 10.5.5 Mcafee Endpoint Security 10.6.0 Mcafee Endpoint Security 10.6.1 Mcafee Endpoint Security 10.7.0	34

Common Weakness Enumeration (CWE)

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10367