Information Exposure in Intel Security VirusScan Enterprise Linux by Intel
CVE-2016-8016

3.4LOW

Key Information:

Vendor
Intel
Status
Virusscan Enterprise Linux (vsel)
Vendor
CVE Published:
14 March 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 12%

Summary

The vulnerability in Intel Security VirusScan Enterprise Linux prior to version 2.0.4 allows authenticated remote attackers to exploit a weakness via URL parameters, enabling them to ascertain the existence of unauthorized files within the system. This exposure can lead to potential data leaks and unauthorized access to sensitive information, making it crucial for users to implement security measures to mitigate the risk.

Affected Version(s)

VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

exploit-CVE-2016-8016-25
Created by opsxcq

References

http://www.securityfocus.com/bid/94823
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037433
vdb-entryx_refsource_SECTRACK
https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
3.4
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability Reserved

.