Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8023

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.1HIGH

EPSS

11.3%

top 6.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mcafee Virusscan Enterprise Intel Virusscan Enterprise Linux (vsel)

Timeline

PublishedMar 14

Latest updateMay 17

Description

Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5intel/virusscan_enterprise_linux_(vsel)2.0.3 (and earlier)

▶NVDmcafee/virusscan_enterprise2.0.3

🔴Vulnerability Details

GHSA

GHSA-pm4r-rcgw-h79r: Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2↗2022-05-17

▶

CVEList

CVE-2016-8023: Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2↗2017-03-14

▶

💥Exploits & PoCs

Exploit-DB

McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution↗2016-12-13

▶