CVE-2016-8021

5MEDIUM

Key Information:

Vendor: Intel
Status: Virusscan Enterprise Linux (vsel)
Vendor: CVE Published:; 14 March 2017

Summary

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.

Affected Version(s)

VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)

References

http://www.securityfocus.com/bid/94823

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1037433

vdb-entryx_refsource_SECTRACK

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2017
Vulnerability Reserved
Sep 9, 2016