Описание
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
Уязвимые конфигурации
Конфигурация 1Версия до 10.7.0 (исключая)
Одно из
cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:april_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:april_2021:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:february_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:february_2021:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:july_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:june_2021:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:november_2020:*:*:*:windows:*:*
cpe:2.3:a:mcafee:endpoint_security:10.7.0:september_2020:*:*:*:windows:*:*
EPSS
Процентиль: 15%
0.00048
Низкий
5 Medium
CVSS3
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-776
CWE-776
Связанные уязвимости
CVSS3: 5.5
github
больше 3 лет назад
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
EPSS
Процентиль: 15%
0.00048
Низкий
5 Medium
CVSS3
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-776
CWE-776