CVE-2016-8016

Vulnerability

CVE-2016-8016 is an information exposure vulnerability in the web interface of Intel Security VirusScan Enterprise Linux (VSEL) version 2.0.3 and earlier. An authenticated remote attacker can leverage a URL parameter to test for the existence of arbitrary files on the system. The official description requires authentication, though the referenced exploit [1] suggests the attack may be possible without authentication when chained with other vulnerabilities.

Exploitation

An attacker must have valid credentials to the VSEL web interface. By crafting a specific HTTP request with a manipulated URL parameter, the attacker can probe for the existence of files outside the intended scope. The exploit script provided in [1] demonstrates how this check can be integrated into a larger attack chain that includes authentication bypass and privilege escalation.

Impact

Successful exploitation allows the attacker to determine whether a given file exists on the target system. This information disclosure can aid in reconnaissance for further attacks, but does not directly enable file reading, modification, or code execution.

Mitigation

No fix was mentioned in the available references [1]. Users of VSEL 2.0.3 and earlier should contact Intel Security (now McAfee) for updated versions. This CVE is not listed on the CISA Known Exploited Vulnerabilities catalog.