CVE-2021-31842

CWE-776 — XML Entity Expansion (Billion Laughs)CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 85.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee,llc Mcafee Endpoint Security (ens) FOR Windows Mcafee Endpoint Security

Timeline

PublishedSep 17

Latest updateMay 24

Description

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 1.3 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mcafee,llc/mcafee_endpoint_security_(ens)_for_windowsunspecified — 10.7.0 September 2021 Update

▶NVDmcafee/endpoint_security< 10.7.0+1

🔴Vulnerability Details

GHSA

GHSA-93hf-xxfj-6gx3: XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10↗2022-05-24

▶

CVEList

CVE-2021-31842: XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10↗2021-09-17

▶