The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical security vulnerabilities being actively exploited by malicious actors. These flaws, impacting BeyondTrust’s privileged access management software and Qlik Sense Enterprise for Windows, pose significant risks to organizations across various sectors.
CVE-2024-12686 affects BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) solutions, widely used by government agencies, tech companies, and financial institutions. This vulnerability allows attackers with existing administrative privileges to inject malicious commands, potentially leading to complete system takeover.
Worryingly, this vulnerability may have been exploited as a zero-day, with attackers potentially compromising BeyondTrust systems to gain access to its customers. This suspicion arises from a recent incident involving the U.S. Treasury Department, where attackers leveraged a stolen API key to breach the department's BeyondTrust instance.
The second vulnerability, CVE-2023-48365, impacts Qlik Sense Enterprise for Windows and enables unauthenticated remote code execution. Attackers can exploit this flaw by manipulating HTTP headers, ultimately gaining control of the backend server.
CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the patches by February 3, 2025, to mitigate potential threats.
All organizations utilizing BeyondTrust and Qlik Sense products are strongly urged to:
- Apply the latest security patches immediately. BeyondTrust has released updates for its affected products, and Qlik Sense users should prioritize upgrading to a fixed version.
- Review system logs for suspicious activity. Early detection is crucial in mitigating the impact of these vulnerabilities.
- Implement strong access controls and multi-factor authentication. These measures can help prevent unauthorized access and limit the potential damage from exploitation.