Privilege Escalation via CyberArk Viewfinity - exploit.company
Vendor: Viewfinity
By: Eric Guillen aka geoda
CVSS: 7.8 (HIGH)
Category: Privilege Escalation
CWE: 269
Product Name: Viewfinity
Affected Version From: Viewfinity version 5.5 (5.5.10.95)
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2017-11197
CPE: cyberark:viewfinity:5.5.10.95
Metasploit:
Other Scripts:
Platforms Tested: Windows 7 and Windows 10
2017

Privilege Escalation via CyberArk Viewfinity <= 5.5 (5.5.10.95)

This vulnerability allows a low privilege user to escalate to an administrative user via a bug within the Viewfinity "add printer" option.

Mitigation:

The vendor has been notified of this vulnerability, and it has been addressed in agent v6.1.1.220.

Exploit-DB raw data:

# Exploit Title: Privilege Escalation via CyberArk Viewfinity <= 5.5 (5.5.10.95)
# Date: Found June 2017
# Vendor Homepage: https://www.cyberark.com/ 
# Version: Viewfinity version 5.5 (5.5.10.95)
# Exploit Author: Eric Guillen aka geoda
# Contact: https://twitter.com/ericsguillen
# Website: https://geodasecurity.blogspot.com/
# Tested on: Windows 7 and Windows 10
# CVE: CVE-2017-11197
# Category: Privilege Escalation

1. Description

Viewfinity allows the business to "effectively minimize local administrator privileges and control applications on endpoints and servers".

This vulnerability allows a low privilege user to escalate to an administrative user via a bug within the Viewfinity "add printer" option.

2. Proof of Concept

First, verify you are a low privilege user by running the command "net session" in a CMD prompt. Net session displays information about all sessions with the local computer. The user will get "Access is denied" if they do not have Administrative privileges.

1. On the system tray, right click on Viewfinity and "Open Viewfinity Control Panel..."
2. Click "Add Printer"
3. Click "Add a network, wireless or Bluetooth printer"
4. Click "The printer that I want isn't listed"
5. Click "Select a shared printer by name"
6. Click the "Browse..." icon
7. Directly in the browser window, search for "C:\windows\system32\cmd.exe" and press <Enter>
8. This will spawn a new CMD prompt. Verify you are now Administrator by typing in "net session"

3. Solution

The vendor has been notified of this vulnerability, and it has been addressed in agent v6.1.1.220. Although untested, this vulnerability could be present in versions prior to v6.1.1.220.
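
For hosts that cannot be moved to the fixed agent right away, the outcome described above (a standard user holding an elevated command shell) can be hunted for in process-creation telemetry. The following is an added example, not part of the original advisory or of any CyberArk tooling. It assumes Sysmon Event ID 1 field names, a constructed list of standard-user accounts, constructed events, and a placeholder parent path, since the advisory does not name the process behind "Add Printer". It also assumes the elevated shell still runs under the standard user's own account.

```python
import ntpath

SHELLS = {"cmd.exe", "powershell.exe"}
ELEVATED = {"High", "System"}  # Sysmon IntegrityLevel values treated as elevated

# Assumption: accounts that are standard users and should never run elevated.
STANDARD_USERS = {r"CORP\jdoe", r"CORP\asmith"}

# Constructed events using Sysmon Event ID 1 field names. The parent path is a
# placeholder; the advisory does not name the process behind "Add Printer".
EVENTS = [
    {"Host": "WS-01", "User": r"CORP\jdoe", "IntegrityLevel": "Medium",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Host": "WS-01", "User": r"CORP\jdoe", "IntegrityLevel": "High",
     "Image": r"C:\windows\system32\cmd.exe",
     "ParentImage": r"C:\Placeholder\elevated-dialog-host.exe"},
    {"Host": "WS-02", "User": r"CORP\itadmin", "IntegrityLevel": "High",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Host": "WS-03", "User": r"corp\ASmith", "IntegrityLevel": "High",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE",
     "ParentImage": r"C:\Placeholder\elevated-dialog-host.exe"},
]


def elevated_shells(events, standard_users=STANDARD_USERS):
    """Return (host, user, shell, parent) for shells a standard user runs elevated."""
    watch = {u.lower() for u in standard_users}  # account names compare case-insensitively
    hits = []
    for ev in events:
        shell = ntpath.basename(ev.get("Image", "")).lower()
        if shell not in SHELLS:
            continue
        if ev.get("IntegrityLevel") not in ELEVATED:
            continue  # not an elevated token
        if ev.get("User", "").lower() not in watch:
            continue  # administrators are expected to have elevated shells
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        hits.append((ev["Host"], ev["User"], shell, parent))
    return hits


if __name__ == "__main__":
    for host, user, shell, parent in elevated_shells(EVENTS):
        print(f"{host}: {user} ran {shell} elevated (parent: {parent})")
```

The parent image is reported rather than filtered on, so each hit can be triaged back to whichever elevated dialog launched the shell.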