Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 1 changed file with 76 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
--- | ||
layout: case | ||
title: Qlik Sense Remote Code Execution | ||
excerpt: "Multiple unauthenticated remote code execution vulnerabilities in Qlik Sense" | ||
author: Ralph Horn | ||
lead: Ralph Horn | ||
researchers: | ||
- Fox-IT | ||
- Alwin Warringa | ||
- Ralph Horn | ||
- Frank Breedijk | ||
cves: | ||
- CVE-2023-41265 | ||
- CVE-2023-41266 | ||
- CVE-2023-48365 | ||
product: | ||
- Qlik Sense | ||
versions: | ||
- All versions prior to and including | ||
- August 2023 Patch 1 | ||
- May 2023 Patch 5 | ||
- February 2023 Patch 9 | ||
- November 2022 Patch 11 | ||
- August 2022 Patch 13 | ||
- May 2022 Patch 15 | ||
- February 2022 Patch 14 | ||
- November 2021 Patch 16 | ||
recommendation: "Upgrade to a Qlik Sense version where the issue is fixed. The issue is fixed in the following versions: August 2023 Patch 1, May 2023 Patch 5, February 2023 Patch 9,November 2022 Patch 11,August 2022 Patch 13, May 2022 Patch 15, February 2022 Patch 14, November 2021 Patch 16" | ||
patch_status: Released | ||
status : Open | ||
start: 2024-04-19 | ||
end: | ||
timeline: | ||
- start: 2023-08-29 | ||
end: | ||
event: "Qlik advisory released regarding to two vulnerabilities which result in a remote code execution vulnerability when combined." | ||
- start: 2023-09-20 | ||
end: | ||
event: "Second Qlik advisory updated for CVE-2023-48365 which serves as a bypass for the previous two CVE's" | ||
- start: 2024-04-19 | ||
end: | ||
event: "DIVD starts notifying previously fingerprinted vulnerabilities." | ||
#ips: 0 | ||
|
||
--- | ||
## Summary | ||
|
||
A set of remote code execution vulnerabilities was reported for Qlik Sense in 2023. DIVD is rescanning previously known vulnerable instances in an effort to increase patch rates. Not patching the device might result in a compromised Qlik Sense, which in turn could result in attacks such as leaked data or ransomware as described in a [blog by Arctic Wolf](https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/). | ||
|
||
|
||
|
||
## Recommendations | ||
|
||
Qlik recommends to upgrade to at least a version where the issue is fixed: | ||
* August 2023 Patch 2 | ||
* May 2023 Patch 6 | ||
* February 2023 Patch 10 | ||
* November 2022 Patch 12 | ||
* August 2022 Patch 14 | ||
* May 2022 Patch 16 | ||
* February 2022 Patch 15 | ||
* November 2021 Patch 17 | ||
|
||
|
||
## What we are doing | ||
|
||
DIVD is currently identifying vulnerable instances and notifying the owners of these systems. | ||
|
||
{% comment %} Leave this here, so we see a timeline {% endcomment %} | ||
{% include timeline.html %} | ||
|
||
## More information | ||
* [Arctic Wolf blog](https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/) | ||
* [Arctic Wolf Advisory](https://arcticwolf.com/resources/blog/cve-2023-41265-cve-2023-41266-cve-2023-48365/) | ||
* [Qlik Advisory](https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2120325) | ||
* [Praetorian Blog](https://www.praetorian.com/blog/doubleqlik-bypassing-the-original-fix-for-cve-2023-41265/) |
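Review bot: the front-matter `recommendation` string lists as fixed the same patch levels (August 2023 Patch 1, May 2023 Patch 5, February 2023 Patch 9, and so on) that the `versions` list directly above it marks as affected under "All versions prior to and including". It also disagrees with the "## Recommendations" section in the body, which names the next patch level for each release (August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, ...). Suggest changing the `recommendation` value to the same list as the body, so that a reader acting on the front-matter text does not stop at a release this case file itself lists as vulnerable. Smaller points in the same file: `status : Open` has a space before the colon, unlike every other key; the list inside `recommendation` is missing spaces after several commas ("Patch 9,November 2022 Patch 11,August 2022"); the timeline events would read better as "regarding two vulnerabilities" and "CVEs"; and in the Summary, "Not patching the device" refers to a Qlik Sense installation, so "instance" would match the wording used under "What we are doing".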