Improper Signature Verification in Intel Security VirusScan Enterprise Linux
CVE-2016-8021

5MEDIUM

Key Information:

Vendor
Intel
Vendor
CVE Published:
14 March 2017

Summary

The vulnerability found in Intel Security VirusScan Enterprise Linux (VSEL) versions 2.0.3 and earlier allows remote authenticated users to exploit improper verification of cryptographic signatures. By utilizing a specially crafted input file, attackers can spoof the update server and execute arbitrary code on the affected systems, potentially compromising data integrity and system security.

Affected Version(s)

VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)

References

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.