Improper Signature Verification in Intel Security VirusScan Enterprise Linux
CVE-2016-8021

5MEDIUM

Key Information:

Vendor
Intel
Status
Virusscan Enterprise Linux (vsel)
Vendor
CVE Published:
14 March 2017

Summary

The vulnerability found in Intel Security VirusScan Enterprise Linux (VSEL) versions 2.0.3 and earlier allows remote authenticated users to exploit improper verification of cryptographic signatures. By utilizing a specially crafted input file, attackers can spoof the update server and execute arbitrary code on the affected systems, potentially compromising data integrity and system security.

Affected Version(s)

VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)

References

http://www.securityfocus.com/bid/94823
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037433
vdb-entryx_refsource_SECTRACK
https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.