Security News > 2023 > December > Qlik Sense flaws exploited in Cactus ransomware campaign
Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned.
Qlik Sense is a business intelligence and data analytics solution popular with governmental organizations and enterprises.
Attackers wielding Cactus ransomware have previously been seen breaching large commercial organizations by exploiting vulnerabilities in VPN appliances.
"Based on patch level Qlik Sense is likely being exploited either via the combination or direct abuse of CVE-2023-41266, CVE-2023-41265 or potentially CVE-2023-48365 to achieve code execution," Arctic Wolf Labs researchers shared.
"The Qlik Sense vulns were discovered in August and September by Praetorian, an InfoSec vendor - unfortunately they published a full exploit chain, which the ransomware group has lifted wholesale," security researcher Kevin Beaumont noted.
Beaumont says that he has seen another ransomware group exploiting Qlik Sense.
News URL
https://www.helpnetsecurity.com/2023/12/01/qlik-sense-cactus-ransomware/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-15 | CVE-2023-48365 | HTTP Request Smuggling vulnerability in Qlik Sense Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. | 9.9 |
2023-08-29 | CVE-2023-41266 | Path Traversal vulnerability in Qlik Sense A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. | 6.5 |
2023-08-29 | CVE-2023-41265 | HTTP Request Smuggling vulnerability in Qlik Sense An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. | 9.9 |