CVE-2017-11197

7.8 HIGH

📋 TL;DR

This vulnerability in CyberArk Viewfinity allows low-privilege users to escalate to administrative privileges by exploiting a bug in the 'add printer' functionality. It affects CyberArk Viewfinity versions 5.5.10.95 and 6.x before 6.1.1.220. Organizations using these versions are vulnerable to privilege escalation attacks.

💻 Affected Systems

Products:
  • CyberArk Viewfinity
Versions: 5.5.10.95 and 6.x before 6.1.1.220
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires low-privilege user access to the Viewfinity console interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with low-privilege access gains full administrative control over the Viewfinity system, potentially compromising the entire privileged access management infrastructure.

🟠 Likely Case

Malicious insider or compromised low-privilege account escalates to admin, enabling further lateral movement and data exfiltration.

🟢 If Mitigated

With proper network segmentation and least privilege controls, impact is limited to the affected Viewfinity system only.

🌐 Internet-Facing: LOW - This typically requires authenticated access to the Viewfinity console.
🏢 Internal Only: HIGH - Internal users with low privileges can exploit this to gain administrative access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID: 42319). Requires authenticated low-privilege access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.1.220 or later

Vendor Advisory: http://lp.cyberark.com/rs/316-CZP-275/images/ds-Viewfinity-102315-web.pdf

Restart Required: Yes

Instructions:

1. Download Viewfinity version 6.1.1.220 or later from the CyberArk support portal.
2. Back up the current configuration.
3. Install the update following CyberArk's upgrade documentation.
4. Restart the Viewfinity service.

🔧 Temporary Workarounds

Restrict Printer Management Access

Platform: Windows

Remove 'add printer' permissions from low-privilege users via Viewfinity policy management.

Use the Viewfinity console to modify user/group permissions and remove printer management capabilities.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Viewfinity systems from critical infrastructure
  • Enforce least privilege access controls and regularly audit user permissions

🔍 How to Verify

Check if Vulnerable:

Check Viewfinity version in console or registry: HKEY_LOCAL_MACHINE\SOFTWARE\CyberArk\Viewfinity\Version

Check Version:

reg query "HKLM\SOFTWARE\CyberArk\Viewfinity" /v Version

Verify Fix Applied:

Verify version is 6.1.1.220 or later and test that low-privilege users cannot escalate via printer functions.
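
The version check above as a script, added here as an example (not CyberArk's or this page's own code). It classifies a version string against the affected ranges stated on this page and reads the registry value named above; the function names, the status labels and the WOW6432Node fallback path are assumptions.

```powershell
# Added example. Affected ranges come from this page:
#   5.5.10.95, and 6.x before 6.1.1.220 (fixed in 6.1.1.220 or later).
function Test-ViewfinityAffected {
    param([string]$VersionString)

    $v = $null
    if (-not [version]::TryParse($VersionString.Trim(), [ref]$v)) {
        return 'Unknown'                  # not a dotted version: check by hand
    }
    $fixed = [version]'6.1.1.220'
    if ($v -eq [version]'5.5.10.95')       { return 'Affected' }
    if ($v.Major -eq 6 -and $v -lt $fixed) { return 'Affected' }
    if ($v -ge $fixed)                     { return 'Fixed' }
    return 'NotListed'                    # the page makes no claim for this build
}

function Get-ViewfinityStatus {
    # First path is the one given on this page; the WOW6432Node path is an
    # assumption covering a 32-bit install on 64-bit Windows.
    param([string[]]$KeyPath = @(
        'HKLM:\SOFTWARE\CyberArk\Viewfinity',
        'HKLM:\SOFTWARE\WOW6432Node\CyberArk\Viewfinity'))

    foreach ($path in $KeyPath) {
        $item = Get-ItemProperty -Path $path -Name Version -ErrorAction SilentlyContinue
        if ($item) {
            return [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Key      = $path
                Version  = $item.Version
                Status   = Test-ViewfinityAffected ([string]$item.Version)
            }
        }
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Key = $null
                       Version = $null; Status = 'VersionValueNotFound' }
}

# Constructed sample versions to show the classification, then the local host.
'5.5.10.95', '6.0.0.1', '6.1.1.219', '6.1.1.220', '7.0.0.0', 'n/a' |
    ForEach-Object { '{0,-10} -> {1}' -f $_, (Test-ViewfinityAffected $_) }
Get-ViewfinityStatus
```

A status of `NotListed` or `Unknown` means this page gives no basis for a verdict on that build; confirm it against the vendor advisory.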

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events
  • Multiple failed then successful admin login attempts from low-privilege accounts
  • Printer configuration changes by non-admin users

Network Indicators:

  • Unusual RPC/DCOM traffic to Viewfinity systems from unexpected sources

SIEM Query:

source="Viewfinity" AND (event_type="privilege_escalation" OR (user_role="low" AND action="admin_login"))
