Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8022

CWE-287 — Improper Authentication4 documents4 sources

Severity

7.5HIGH

EPSS

8.6%

top 7.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mcafee Virusscan Enterprise Intel Virusscan Enterprise Linux (vsel)

Timeline

PublishedMar 14

Latest updateMay 17

Description

Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5intel/virusscan_enterprise_linux_(vsel)2.0.3 (and earlier)

▶NVDmcafee/virusscan_enterprise2.0.3

🔴Vulnerability Details

GHSA

GHSA-5qj4-9p84-827g: Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2↗2022-05-17

▶

CVEList

CVE-2016-8022: Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2↗2017-03-14

▶

💥Exploits & PoCs

Exploit-DB

McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution↗2016-12-13

▶