www.belgium.be Logo of the federal government

WARNING: NEW VULNERABILITY IN QLIK SENSE ENTERPRISE FOR WINDOWS, PATCH IMMEDIATELY!

Reference: 
Advisory #2024-72
Version: 
Qlik Sense Enterprise for Windows, versions prior to and including:
Affected software: 
February 2024 Patch 3
November 2023 Patch 8
August 2023 Patch 13
May 2023 Patch 15
February 2023 Patch 13
November 2022 Patch 13
August 2022 Patch 16
May 2022 Patch 17
Type: 
Elevation of privilege that can lead to RCE
CVE/CVSS: 

CVE-2024-36077:CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Sources

https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/ta-p/2452509

Risks

A security issue in Qlik Sense Enterprise for Windows has been identified, and patches have been made available. If successfully exploited, this vulnerability could lead to a compromise of the server running the Qlik Sense software, including remote code execution (RCE).

The impact on Confidentiality, Integrity and Availability is High.

Although this vulnerability has not yet been observed being exploited in the wild, previous vulnerabilities in Qlik Sense have been abused to deliver Cactus ransomware. reference: https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/

Urgent patching is advised!

Description

Qlik Sense Enterprise for Windows allows a remote attacker with existing privileges to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-36077#:~:text=Description,execute%20commands%20on%20the%20server.