vulnerability

McAfee Endpoint Security Platform: CVE-2021-31842: Endpoint security for windows update fixes two vulnerabilities (SB10367)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:N/I:N/A:P)	Sep 17, 2021	Aug 16, 2022	Aug 16, 2022

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:N/A:P)

Published

Sep 17, 2021

Added

Aug 16, 2022

Modified

Aug 16, 2022

Description

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.

Solution(s)

mcafee-endpoint-security-platform-upgrade-10-6-1-2402mcafee-endpoint-security-platform-upgrade-10-7-0-3012

References

CVE-2021-31842
https://attackerkb.com/topics/CVE-2021-31842
MCAFEE-SB10367

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today