CVE-2019-3660 : What You Need to Know

McAfee Advanced Threat Defense (ATD) versions prior to 4.8 are vulnerable to remote authenticated attackers executing commands via crafted HTTP requests.

Understanding CVE-2019-3660

McAfee Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests

What is CVE-2019-3660?

This CVE refers to a vulnerability in McAfee Advanced Threat Defense (ATD) versions below 4.8 that allows remote authenticated attackers to execute commands on the server through specifically crafted HTTP requests.

The Impact of CVE-2019-3660

CVSS Base Score: 8.4 (High)
Severity: High
Attack Vector: Network
Attack Complexity: High
Availability Impact: High
Confidentiality Impact: Low
Integrity Impact: High
Privileges Required: Low
Scope: Changed
User Interaction: None

Technical Details of CVE-2019-3660

McAfee Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests

Vulnerability Description

The vulnerability allows remote authenticated attackers to execute commands on the server remotely via carefully crafted HTTP requests.

Affected Systems and Versions

Product: Advanced Threat Defense (ATD)
Vendor: McAfee
Affected Versions: < 4.8 (unspecified/custom)

Exploitation Mechanism

Attackers can exploit this vulnerability by sending deliberately crafted HTTP requests to the server, enabling them to execute commands remotely.

Mitigation and Prevention

McAfee has provided the following mitigation steps to address CVE-2019-3660:

Immediate Steps to Take

Upgrade McAfee Advanced Threat Defense (ATD) to version 4.8 or higher.
Monitor network traffic for any suspicious activity.

Long-Term Security Practices

Regularly update and patch McAfee products to the latest versions.
Implement network segmentation to limit the impact of potential attacks.

Patching and Updates

Ensure timely installation of security patches and updates provided by McAfee to address known vulnerabilities.