PT-2021-19544 · Mcafee · Mcafee Endpoint Security

Published

2021-09-17

Updated

2022-05-10

CVE-2021-31842

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions McAfee Endpoint Security (ENS) for Windows versions prior to 10.7.0 September 2021 Update

Description The issue allows a local user to initiate high CPU and memory consumption, resulting in a Denial of Service attack. This is achieved through carefully editing the EPDeploy.xml file and then executing the setup process, exploiting an XML Entity Expansion injection vulnerability.

Recommendations For versions prior to 10.7.0 September 2021 Update, update to the September 2021 Update or later to resolve the issue. As a temporary workaround, consider restricting access to the EPDeploy.xml file to minimize the risk of exploitation. Avoid executing the setup process with a modified EPDeploy.xml file until the issue is resolved.

Fix

XML Entity Expansion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-776

Related Identifiers

CVE-2021-31842

Affected Products

Mcafee Endpoint Security

PT-2021-19544 · Mcafee · Mcafee Endpoint Security

CVE-2021-31842

Weakness Enumeration

Related Identifiers

Affected Products

References · 5