### [CVE-2016-8021](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8021)
![](https://img.shields.io/static/v1?label=Product&message=VirusScan%20Enterprise%20Linux%20(VSEL)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.0.3%20(and%20earlier)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20verification%20of%20cryptographic%20signature%20vulnerability&color=brightgreen)

### Description

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.

### POC

#### Reference
- https://kc.mcafee.com/corporate/index?page=content&id=SB10181
- https://www.exploit-db.com/exploits/40911/

#### Github
- https://github.com/opsxcq/exploit-CVE-2016-8016-25