CVE-2016-8021

MEDIUM

Intel Security VirusScan Enterprise Linux <2.0.3 - RCE

Title source: llm

Description

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andrew Fasano · pythonremotelinux

https://www.exploit-db.com/exploits/40911

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037433

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10181

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94823

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40911/

Scores

CVSS v3 5.0

EPSS 0.0285

EPSS Percentile 86.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-347

Status published

Affected Products (2)

mcafee/virusscan_enterprise < 2.0.3

Intel/VirusScan Enterprise Linux (VSEL) < 2.0.3 (and earlier)

Timeline

Published Mar 14, 2017

Tracked Since Feb 18, 2026