CVE-2021-31842

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
XML Entity Expansion
Provider  Type  Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      NIST  5 MEDIUM    LOCAL        LOW              LOW             CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
trellix   CNA   5 MEDIUM    LOCAL        LOW              LOW             CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVE       ADP   ---         ---
EPSS Score percentile: 14%
Vendor  Product            Version
mcafee  endpoint_security  𝑥 < 10.7.0
mcafee  endpoint_security  10.7.0:april_2020
mcafee  endpoint_security  10.7.0:april_2021
mcafee  endpoint_security  10.7.0:february_2020
mcafee  endpoint_security  10.7.0:february_2021
mcafee  endpoint_security  10.7.0:july_2020
mcafee  endpoint_security  10.7.0:june_2021
mcafee  endpoint_security  10.7.0:november_2020
mcafee  endpoint_security  10.7.0:september_2020

𝑥 = Vulnerable software versions