McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 September 2021 Update XML Entity Expansion Injection Vulnerability

McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 September 2021 Update XML Entity Expansion Injection Vulnerability

CVE-2021-31842 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.

Learn more about our User Device Pen Test.