
CVE-2016-8020

Published: 14/03/2017 Updated: 03/09/2017
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 8 | Impact Score: 6 | Exploitability Score: 1.3
VMScore: 605
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and previous versions) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.

Vulnerable Product

mcafee virusscan enterprise

Exploits

''' Source: nationstateactor/mcafeehtml
Vulnerabilities
CVE-2016-8016: Remote Unauthenticated File Existence Test
CVE-2016-8017: Remote Unauthenticated File Read (with Constraints)
CVE-2016-8018: No Cross-Site Request Forgery Tokens
CVE-2016-8019: Cross Site Scripting
CVE-2016-8020: Authenticated Remote Code Execution & Privilege E ...
McAfee Virus Scan Enterprise for Linux suffers from a remote code execution vulnerability ...

Recent Articles

P0wnographer finds remote code exec bug in McAfee enterprise
The Register • Darren Pauli • 13 Dec 2016

This one ticks all the boxes: Runs as root ✔ Claims security ✔ Unpopular product with few updates ✔

McAfee has taken six months to patch 10 critical vulnerabilities in its VirusScan Enterprise Linux client. And these were nasty bugs, as when chained they resulted in remote code execution as root. Andrew Fasano, security researcher with MIT Lincoln Laboratory, says attackers can chain the flaws to compromise McAfee Linux clients by spinning up malicious update servers. "At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers l...