PT-2017-16184 · Mcafee · Mcafee Advanced Threat Defense

Published

2017-07-12

Updated

2017-07-17

CVE-2017-4055

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions McAfee Advanced Threat Defense (ATD) versions 3.4 through 3.10

Description The issue concerns the exploitation of an authentication vulnerability in the web interface, allowing remote unauthenticated users to bypass detection due to loose enforcement of authentication and authorization.

Recommendations For versions 3.4 through 3.10, update to a version that addresses the loose enforcement of authentication and authorization to prevent remote unauthenticated users from bypassing ATD detection.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2017-4055

Affected Products

Mcafee Advanced Threat Defense

PT-2017-16184 · Mcafee · Mcafee Advanced Threat Defense

CVE-2017-4055

Weakness Enumeration

Related Identifiers

Affected Products

References · 4