CVE-2017-4053

CRITICAL

McAfee ATD <3.10-3.4 - Command Injection

Title source: llm

Description

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10204

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99560

Scores

CVSS v3 9.8

EPSS 0.0443

EPSS Percentile 89.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (8)

McAfee/Advanced Threat Defense (ATD) 3.10

McAfee/Advanced Threat Defense (ATD) 3.5

McAfee/Advanced Threat Defense (ATD) 3.6

McAfee/Advanced Threat Defense (ATD) 3.8

mcafee/advanced_threat_defense 3.4

mcafee/advanced_threat_defense 3.6

mcafee/advanced_threat_defense 3.8

mcafee/advanced_threat_defense 3.10

Published Jul 12, 2017

Tracked Since Feb 18, 2026