CVE-2019-3663

CRITICAL

Mcafee Advanced Threat Defense - Insufficiently Protected Credentials

Title source: rule

Description

Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details

Exploits (1)

nomisec WORKING POC 1 stars

by funoverip · poc

https://github.com/funoverip/mcafee_atd_CVE-2019-3663

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10304

Scores

CVSS v3 9.8

EPSS 0.0044

EPSS Percentile 62.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

mcafee/advanced_threat_defense < 4.8

Timeline

Published Nov 14, 2019

Tracked Since Feb 18, 2026