CVE-2016-8020

HIGH

Intel Security VirusScan Enterprise Linux <2.0.3 - Code Injection

Title source: llm
STIX 2.1

Description

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andrew Fasano · pythonremotelinux
https://www.exploit-db.com/exploits/40911

References (4)

Scores

CVSS v3 8.0
EPSS 0.0292
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
Intel/VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)
mcafee/virusscan_enterprise < 2.0.3
Published Mar 14, 2017
Tracked Since Feb 18, 2026