The Cybersecurity and Infrastructure Security Agency (CISA) has issued critical alerts regarding newly discovered vulnerabilities in BeyondTrust Privileged Remote Access (PRA) and Qlik Sense Enterprise, two widely used enterprise security and analytics platforms. These flaws could allow attackers to execute remote code, bypass authentication, and gain unauthorized access to sensitive systems.
Critical Flaws in BeyondTrust PRA
CISA has added CVE-2024-23305, a severe OS command injection vulnerability in BeyondTrust PRA, to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, with a CVSS score of 9.8 (Critical), affects versions before 23.2.1 and allows unauthenticated attackers to execute arbitrary commands with SYSTEM privileges through crafted HTTP requests.
- Impact: Full system compromise possible
- Affected Versions: All versions prior to 23.2.1
- Mitigation: Immediate upgrade to 23.2.1 or later
Security researchers note this vulnerability is particularly dangerous because it requires no authentication and provides immediate administrative access to affected systems.
Qlik Sense HTTP Tunneling Vulnerability
Simultaneously, CISA warned about CVE-2023-41266 in Qlik Sense Enterprise, a high-severity (CVSS 8.0) HTTP tunneling flaw that could allow attackers to bypass security restrictions and gain unauthorized access to internal network resources.
- Impact: Potential data exfiltration and lateral movement
- Affected Versions: Qlik Sense Enterprise for Windows before August 2023
- Solution: Apply the August 2023 security patch
Why These Vulnerabilities Matter
These vulnerabilities represent significant risks because:
- Both products are enterprise-grade solutions used by Fortune 500 companies
- BeyondTrust specializes in privileged access management, the very systems designed to prevent breaches
- Qlik Sense handles sensitive business intelligence data
- Evidence suggests both vulnerabilities may already be under active exploitation
Recommended Actions
For BeyondTrust PRA users:
- Immediately upgrade to version 23.2.1 or later
- Monitor for suspicious HTTP requests to /login.aspx
- Restrict network access to PRA interfaces
For Qlik Sense Enterprise customers:
- Apply the August 2023 security updates
- Review all HTTP tunneling configurations
- Implement network segmentation for Qlik Sense servers
The Bigger Picture
These alerts continue a troubling trend of vulnerabilities in enterprise security products themselves becoming attack vectors. In 2023 alone, CISA added over 800 vulnerabilities to its KEV catalog, with privileged access management tools increasingly targeted by advanced persistent threat (APT) groups.
Security experts recommend:
- Implementing a formal patch management program
- Conducting regular vulnerability assessments
- Assuming breach posture for critical systems
- Monitoring CISA's KEV catalog weekly
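The weekly KEV check can be automated: the script below, an added example not taken from the article or from CISA, matches KEV entries against an asset inventory and flags hosts below the fixed version (the 23.2.1 figure for PRA comes from the article; the KEV dates, hostnames, versions and the third KEV entry are constructed, and the feed URL in the comment is the real one).

```python
"""Triage CISA KEV entries against an asset inventory (added example, not the article's code)."""
import json
from datetime import date

# Constructed sample in the KEV feed's JSON layout (vulnerabilities[] with cveID, vendorProject,
# product, dateAdded, dueDate). Live feed:
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-23305", "vendorProject": "BeyondTrust", "product": "Privileged Remote Access",
     "dateAdded": "2024-02-01", "dueDate": "2024-02-22"},          # dates constructed
    {"cveID": "CVE-2023-41266", "vendorProject": "Qlik", "product": "Sense",
     "dateAdded": "2023-12-07", "dueDate": "2023-12-28"},          # dates constructed
    {"cveID": "CVE-0000-PLACEHOLDER", "vendorProject": "OtherVendor", "product": "OtherProduct",
     "dateAdded": "2023-01-01", "dueDate": "2023-01-22"},          # filler entry, no matching asset
]})

# Operator-maintained fix table: (vendor, KEV product) -> first fixed version. The article gives
# 23.2.1 for PRA; Qlik's fix is a dated patch with no version on the page, so it is deliberately
# absent and such assets fall back to manual review instead of a version comparison.
FIXED_VERSION = {("beyondtrust", "privileged remote access"): "23.2.1"}

# Constructed inventory, one host per entry.
INVENTORY = [
    {"host": "pra-01", "vendor": "BeyondTrust", "product": "Privileged Remote Access", "version": "23.1.4"},
    {"host": "pra-02", "vendor": "BeyondTrust", "product": "Privileged Remote Access", "version": "23.2.1"},
    {"host": "qlik-01", "vendor": "Qlik", "product": "Sense Enterprise", "version": "May 2023"},
]

def version_tuple(v):
    """Turn '23.2.1' into (23, 2, 1) so '23.10.0' sorts above '23.2.1'; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def triage(kev_json, inventory, fixed=FIXED_VERSION, today=date(2024, 3, 1)):
    """One finding per (KEV entry, matching asset): status affected / ok / manual-review, plus overdue flag."""
    findings = []
    for vuln in json.loads(kev_json)["vulnerabilities"]:
        key = (vuln["vendorProject"].lower(), vuln["product"].lower())
        for asset in inventory:
            # Match vendor exactly and the KEV product name as a substring; inventory names are rarely exact.
            if asset["vendor"].lower() != key[0] or key[1] not in asset["product"].lower():
                continue
            fix = fixed.get(key)
            if fix is None:
                status = "manual-review"                       # no version-based fix known
            elif version_tuple(asset["version"]) < version_tuple(fix):
                status = "affected"
            else:
                status = "ok"
            overdue = status != "ok" and date.fromisoformat(vuln["dueDate"]) < today
            findings.append({"host": asset["host"], "cve": vuln["cveID"], "status": status, "overdue": overdue})
    return findings
```

Replacing KEV_SAMPLE with the downloaded feed and INVENTORY with a CMDB export turns this into the weekly check the article recommends; the `today` parameter exists so the overdue logic is reproducible.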
As these vulnerabilities demonstrate, even security products require rigorous security oversight. Organizations using either affected product should treat these warnings with utmost urgency given the potential for devastating supply chain attacks.