CVE-2016-8022

HIGH

McAfee VirusScan Enterprise Linux < 2.0.3 - Authentication Bypass via Crafted Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-8022. PoCs published by Andrew Fasano.

AI-analyzed exploit summary This exploit chains multiple vulnerabilities (CVE-2016-8016 to CVE-2016-8025) in McAfee ePolicy Orchestrator to achieve remote code execution as root. It cracks authentication cookies, manipulates update servers, and executes arbitrary payloads via SQL injection and file write vulnerabilities.

Description

Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andrew Fasano · pythonremotelinux

https://www.exploit-db.com/exploits/40911

View Code ZIP pw:eip

This exploit chains multiple vulnerabilities (CVE-2016-8016 to CVE-2016-8025) in McAfee ePolicy Orchestrator to achieve remote code execution as root. It cracks authentication cookies, manipulates update servers, and executes arbitrary payloads via SQL injection and file write vulnerabilities.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: McAfee ePolicy Orchestrator (versions affected by CVE-2016-8016 to CVE-2016-8025)

No auth needed

Prerequisites: Network access to the target · Ability to host a malicious update server · Payload script (payload.sh)

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94823

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037433

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10181

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40911/

Scores

CVSS v3 7.5

EPSS 0.1329

EPSS Percentile 95.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (2)

Intel/VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)

mcafee/virusscan_enterprise < 2.0.3

Published Mar 14, 2017

Tracked Since Feb 18, 2026