Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8020

CWE-94Code Injection4 documents4 sources
Severity
8.0HIGH
EPSS
2.9%
top 13.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mcafee Virusscan EnterpriseIntel Virusscan Enterprise Linux (vsel)
Timeline
PublishedMar 14
Latest updateMay 17

Description

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages2 packages

CVEListV5intel/virusscan_enterprise_linux_(vsel)2.0.3 (and earlier)

🔴Vulnerability Details

2
GHSA
GHSA-5926-qqg4-957h: Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 22022-05-17
CVEList
CVE-2016-8020: Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 22017-03-14

💥Exploits & PoCs

1
Exploit-DB
McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution2016-12-13
CVE-2016-8020 (HIGH CVSS 8) | Improper control of generation of c | cvebase.io