PT-2017-1475 · Intel Security · Virusscan Enterprise Linux

Published

2017-03-14

Updated

2017-09-03

CVE-2016-8017

CVSS v3.1

4.1

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Intel Security VirusScan Enterprise Linux (VSEL) versions 2.0.3 and earlier

Description The issue is related to a special element injection vulnerability that exists due to insufficient input validation. This allows an authenticated remote attacker to read files on the web server via crafted user input. The vulnerability can be exploited by a remote attacker to gain unauthorized access to files on the web server.

Recommendations For Intel Security VirusScan Enterprise Linux (VSEL) versions 2.0.3 and earlier, update to a version that includes the necessary input validation fixes to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2017-00615

CVE-2016-8017

Affected Products

Virusscan Enterprise Linux

PT-2017-1475 · Intel Security · Virusscan Enterprise Linux

CVE-2016-8017

Weakness Enumeration

Related Identifiers

Affected Products

References · 8