Privilege Escalation thru CyberArk Viewfinity

A while ago I encountered a bug within Viewfinity 5.5 (5.5.10.95). Viewfinity is a product owned by CyberArk that provides Endpoint Privilege Management. It bolsters administrator's ability to control user privileges on corporate desktops. Below is a use case in which I was able to elevate privileges from a normal user to Admin through this product.

Step 1: Verify you are a low privilege user by running the command "net session". Net session displays information about all sessions within the local computer. The user will get Access is denied if they do not have Administrator privileges.

Then, on the system tray, right click on ViewFinity and "Open Viewfinity Control Panel..."

Click "Add Printer"

and "Add a network, wireless or Bluetooth printer"

Click "The printer that I want isn't listed"

and then browse for a new printer:

Directly in the browser window, search for C:\windows\system32\cmd.exe and press <enter>

This will spawn a new CMD prompt. Verify you are now administrator by typing "net session"

At this point, I am now running as Admin.

Below is the timeline when I reached out to vendor:
6/26/17 - Vendor responds back to email asking we begin encrypted communication and copy of report
6/26/17 - Vendor receives report, reproduces finding and forwards to R&D for analysis
6/27/17 - Vendor replies back stating this fix has been addressed in agent v6.1.1.220

I was very impressed with the response from the vendor and professionalism they took when handling the disclosure. They replied promptly and addressed the appropriate team quickly.

Hope this helps!

Till next time.

geoda