CVE-2016-2288

HIGH

Cogent DataHub < 7.3.9 - Privilege Escalation via File Modification

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2288. PoCs published by mr_me.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in Cogent DataHub by placing a malicious Gamma Script file in a specific directory, which is then executed by the service running as SYSTEM. The script spawns a command to launch calc.exe as a proof of concept.

Description

Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mr_me · localwindows

https://www.exploit-db.com/exploits/39630

View Code ZIP pw:eip

This exploit leverages a privilege escalation vulnerability in Cogent DataHub by placing a malicious Gamma Script file in a specific directory, which is then executed by the service running as SYSTEM. The script spawns a command to launch calc.exe as a proof of concept.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Cogent DataHub <= 7.3.9

No auth needed

Prerequisites: Write access to C:\usr\cogent\require\ · Cogent DataHub service running as SYSTEM

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39630/

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01

Scores

CVSS v3 7.8

EPSS 0.0133

EPSS Percentile 67.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (1)

cogentdatahub/cogent_datahub < 7.3.9

Published Mar 29, 2016

Tracked Since Feb 18, 2026