CVE-2024-55579 - Unprivileged User Gains Access to Arbitrary EXE Execution in Qlik Sense Enterprise for Windows

A critical vulnerability has been identified in Qlik Sense Enterprise for Windows, tracked as CVE-2024-55579. It affects versions before the November 2024 Intermediate Release (IR). The flaw allows an unprivileged user with network access to create connection objects that can, in turn, trigger the execution of arbitrary EXE files. This poses a significant security risk to organizations running Qlik Sense Enterprise for Windows.

The Qlik Sense Enterprise development team has since fixed this vulnerability in several patch releases: November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15.

Exploit Details

The vulnerability allows a low-privileged user to create connection objects that reference arbitrary EXE files. Here's an illustrative pseudocode snippet showing how an attacker might exploit this vulnerability:

qlik_sense_connection_object exploit = new qlik_sense_connection_object();
exploit.filename = "C:\\maliciousfolder\\maliciousfile.exe";
exploit.permissions = "execute";
qlik_sense_server.add_connection_object(exploit);

By creating a connection object with a malicious executable, the attacker triggers arbitrary code execution when this connection object is used. This could lead to data breaches, unauthorized access, or other security compromises.

Original Reference

The vulnerability was originally discovered and reported by the Qlik Sense security research team. You can find more details on this vulnerability, including its severity and specific recommendations for mitigating it, in the official Qlik Sense security bulletin: Qlik Sense Security Bulletin: CVE-2024-55579

Fixes and Patches

To ensure the security of your Qlik Sense Enterprise environment, it's essential to update your software to one of the patched versions mentioned above as soon as possible. The patched versions can be downloaded from Qlik Sense's official website: Qlik Sense Download Center

If upgrading is not an immediate option, consider implementing strict access control on critical resources, closely monitoring network activity, and isolating the Qlik Sense environment from untrusted users.
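As an added example (not from the advisory or from Qlik), one way to put the monitoring advice above into practice: a PowerShell hunt over Sysmon process-creation events for binaries launched by Qlik Sense service processes from outside their install roots, which is the kind of child-process activity a crafted connection object would produce. The Qlik binary paths, service account and connector directory are assumptions about a default install, and the sample records are constructed.

```powershell
# Added example (not from the advisory or Qlik): flag executables launched by Qlik Sense
# service processes from outside their install roots, using Sysmon Event ID 1.
# ASSUMPTIONS: Sysmon is installed; the paths below are default install locations.
$QlikParents = @(
    'C:\Program Files\Qlik\Sense\Engine\Engine.exe',
    'C:\Program Files\Qlik\Sense\Scheduler\Scheduler.exe'
)
$AllowedChildRoots = @(
    'C:\Program Files\Qlik\Sense\',
    'C:\Program Files\Common Files\Qlik\Custom Data\'
)

function Test-SuspiciousQlikChild {
    param([string]$ParentImage, [string]$Image)
    if ($QlikParents -notcontains $ParentImage) { return $false }
    foreach ($root in $AllowedChildRoots) {
        if ($Image.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $false }
    }
    return $true   # a Qlik service spawned a binary outside the expected roots
}

function Get-SysmonProcessCreate {
    param([int]$MaxEvents = 5000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } `
        -MaxEvents $MaxEvents -ErrorAction Stop | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time = $_.TimeCreated; User = $data['User']; ParentImage = $data['ParentImage']
            Image = $data['Image']; CommandLine = $data['CommandLine']
        }
    }
}

# Constructed records (not real telemetry): a legitimate connector launch and a hit.
$sample = @(
    [pscustomobject]@{ Time = '2024-12-09T03:15:05Z'; User = 'NT SERVICE\QlikSenseEngineService'
        ParentImage = 'C:\Program Files\Qlik\Sense\Engine\Engine.exe'
        Image = 'C:\Program Files\Common Files\Qlik\Custom Data\QvOdbcConnectorPackage\QvOdbcConnectorPackage.exe'
        CommandLine = '' }
    [pscustomobject]@{ Time = '2024-12-09T03:16:10Z'; User = 'NT SERVICE\QlikSenseEngineService'
        ParentImage = 'C:\Program Files\Qlik\Sense\Engine\Engine.exe'
        Image = 'C:\maliciousfolder\maliciousfile.exe'; CommandLine = 'maliciousfile.exe' }
)

# Use live Sysmon data when available; otherwise fall back to the constructed sample.
$events = $(try { Get-SysmonProcessCreate } catch { $sample })
$events | Where-Object { Test-SuspiciousQlikChild $_.ParentImage $_.Image } |
    Format-Table Time, User, ParentImage, Image, CommandLine -AutoSize
```

Run on the constructed sample, only the second record is reported; on a live server, tune `$AllowedChildRoots` to where your connectors are actually installed before treating hits as alerts.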

Conclusion

CVE-2024-55579 is a critical vulnerability in Qlik Sense Enterprise for Windows that allows unprivileged users to execute arbitrary EXE files, potentially causing severe security issues. It is crucial to ensure your software is up-to-date with the latest patched versions provided by Qlik Sense. Stay vigilant about security, keep your systems updated, and maintain restrictions on user privileges to minimize risk exposure.

Timeline

Published on: 12/09/2024 03:15:05 UTC
Last modified on: 12/10/2024 15:15:08 UTC