The US CISA has recently included two significant vulnerabilities, CVE-2024-12686 and CVE-2023-48365, in its Known Exploited Vulnerabilities (KEV) Catalog. This catalog is an essential resource for organizations to prioritize and address vulnerabilities that are actively being exploited in the wild.
CVE-2024-12686
BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS):
- Vulnerability Type: Command Injection
- Severity: Medium (CVSS Score: 6.6)
- Description: This vulnerability allows an attacker with existing administrative privileges to inject commands that run as a site user. It specifically affects the command parsing mechanism in BeyondTrust’s PRA and RS products.
- Exploitation Details: Attackers can exploit this flaw by injecting specially crafted commands into the system, bypassing typical security controls and gaining unauthorized access. This could lead to further exploitation of the affected systems, potentially compromising sensitive data and functionalities.
- Impact: Once exploited, this vulnerability can lead to unauthorized command execution, compromising the integrity and confidentiality of the system.
CVE-2023-48365
Qlik Sense Enterprise for Windows:
- Vulnerability Type: HTTP Tunneling Vulnerability
- Severity: Critical (CVSS Score: 9.9)
- Description: Due to improper validation of HTTP headers, a remote attacker can elevate their privileges by tunneling HTTP requests. This vulnerability allows attackers to send specially crafted HTTP requests, which are then executed on the backend server.
- Exploitation Details: Attackers exploit this vulnerability by sending crafted HTTP requests that exploit the improper validation. This can allow them to gain elevated privileges, execute arbitrary code, or further compromise the server’s security.
- Impact: Successful exploitation can lead to full system compromise, data breaches, and severe disruptions to the affected services.
The US CISA orders federal agencies to fix this vulnerability by February 3, 2025.
Conclusion
The inclusion of CVE-2024-12686 and CVE-2023-48365 in the KEV Catalog highlights the critical importance of timely vulnerability management. By addressing these known exploited vulnerabilities, organizations can significantly reduce the risk of cyberattacks and protect their systems and data from potential threats.
