CVE-2021-31842

MEDIUM

Mcafee Endpoint Security < 10.7.0 - XML Entity Expansion

Title source: rule

Description

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10367

Scores

CVSS v3 5.0

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-776

Status published

Products (2)

mcafee/endpoint_security 10.7.0 april_2020 (8 CPE variants)

mcafee/endpoint_security < 10.7.0

Published Sep 17, 2021

Tracked Since Feb 18, 2026