CVE-2016-8016

LOW

Intel Security VirusScan Enterprise Linux <2.0.3 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-8016. PoCs published by Andrew Fasano, opsxcq.

AI-analyzed exploit summary This exploit chains multiple vulnerabilities (CVE-2016-8016 to CVE-2016-8025) in McAfee ePolicy Orchestrator to achieve remote code execution as root. It cracks authentication cookies, manipulates update servers, and executes arbitrary payloads via SQL injection and file write vulnerabilities.

Description

Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Andrew Fasano · pythonremotelinux

https://www.exploit-db.com/exploits/40911

View Code ZIP pw:eip

This exploit chains multiple vulnerabilities (CVE-2016-8016 to CVE-2016-8025) in McAfee ePolicy Orchestrator to achieve remote code execution as root. It cracks authentication cookies, manipulates update servers, and executes arbitrary payloads via SQL injection and file write vulnerabilities.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: McAfee ePolicy Orchestrator (versions affected by CVE-2016-8016 to CVE-2016-8025)

No auth needed

Prerequisites: Network access to the target · Ability to host a malicious update server · Payload script (payload.sh)

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec STUB 5 stars

by opsxcq · poc

https://github.com/opsxcq/exploit-CVE-2016-8016-25

View Code ZIP pw:eip

The repository contains only a README with descriptions of multiple CVEs affecting McAfee VirusScan Enterprise for Linux but no actual exploit code. The README explicitly states that the exploit code was removed to avoid licensing issues.

Classification

Stub 100%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: McAfee VirusScan Enterprise for Linux 2.0.3 and earlier

No auth needed

Prerequisites: none

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94823

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037433

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10181

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40911/

Scores

CVSS v3 3.4

EPSS 0.0456

EPSS Percentile 90.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

Intel/VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)

mcafee/virusscan_enterprise < 2.0.3

Published Mar 14, 2017

Tracked Since Feb 18, 2026