Qlik Sense flaws exploited in Cactus ransomware campaign
Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned.
Qlik Sense is a business intelligence and data analytics solution popular with governmental organizations and enterprises.
Attackers wielding Cactus ransomware have previously been seen breaching large commercial organizations by exploiting vulnerabilities in VPN appliances.
"Based on patch level, Qlik Sense is likely being exploited either via the combination or direct abuse of CVE-2023-41266, CVE-2023-41265 or potentially CVE-2023-48365 to achieve code execution," Arctic Wolf Labs researchers shared.
"The Qlik Sense vulns were discovered in August and September by Praetorian, an InfoSec vendor - unfortunately they published a full exploit chain, which the ransomware group has lifted wholesale," security researcher Kevin Beaumont noted.
Beaumont says that he has seen another ransomware group exploiting Qlik Sense.
News URL: https://www.helpnetsecurity.com/2023/12/01/qlik-sense-cactus-ransomware/
Related Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score) |
---|---|---|---|
2023-11-15 | CVE-2023-48365 | HTTP Request Smuggling vulnerability in Qlik Sense: Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. | 9.9 |
2023-08-29 | CVE-2023-41266 | Improper Input Validation vulnerability in Qlik Sense: a path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. | 6.5 |
2023-08-29 | CVE-2023-41265 | HTTP Request Smuggling vulnerability in Qlik Sense: an HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. | 9.9 |