CVE-2024-29863: n/a
A race condition in the installer executable in Qlik QlikView before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12.80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator.
AI Analysis
Technical Summary
CVE-2024-29863 is a race condition vulnerability identified in the installer executable of Qlik QlikView software versions before May 2022 SR3 (12.70.20300) and May 2023 SR2 (12.80.20200). The flaw arises from improper synchronization during the installation process, which can be exploited by a lower privileged user on a Windows system to execute arbitrary code with elevated Windows Administrator privileges. This race condition (CWE-362) allows an attacker to manipulate the timing of installer operations to gain unauthorized access and control over the system. The attack vector is local (AV:L); exploitation requires high attack complexity (AC:H), but only low privileges (PR:L) and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially compromised component. The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), indicating potential full system compromise. Although no public exploits are currently known, the vulnerability poses a significant risk due to the privilege escalation vector it provides. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts by affected organizations. QlikView is widely used in business intelligence and analytics, making this vulnerability particularly concerning for enterprises relying on these tools in Windows environments.
Potential Impact
The vulnerability allows a lower privileged user to escalate privileges to Windows Administrator level, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, manipulation or destruction of critical information, and disruption of business operations. Attackers could install persistent malware, create backdoors, or move laterally within networks, increasing the risk of widespread damage. Organizations using affected QlikView versions in production environments face significant risks, especially those in sectors with sensitive data such as finance, healthcare, and government. The high impact on confidentiality, integrity, and availability underscores the critical nature of this vulnerability. The requirement for local access limits remote exploitation but does not diminish the threat in environments where multiple users share systems or where insider threats exist.
Mitigation Recommendations
1. Monitor Qlik’s official channels for patches and apply updates to May 2022 SR3 (12.70.20300) or later, or May 2023 SR2 (12.80.20200) or later as soon as they become available.
2. Restrict access to systems running QlikView installers to trusted administrators only, minimizing the number of users with local access.
3. Implement strict file system permissions and execution policies to prevent unauthorized users from running or manipulating installer executables.
4. Use application whitelisting to control which executables can run on critical systems.
5. Employ endpoint detection and response (EDR) solutions to monitor for unusual installer activity or privilege escalation attempts.
6. Conduct regular audits of user privileges and remove unnecessary local accounts or rights.
7. Educate users about the risks of running unauthorized installers and enforce least privilege principles.
8. Consider isolating QlikView installation and update processes to dedicated, secured administrative workstations.

These steps reduce the attack surface and limit the ability of low-privileged users to exploit the race condition.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Sweden, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-03-21T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6da1b7ef31ef0b5898f0
Added to database: 2/25/2026, 9:46:09 PM
Last enriched: 2/26/2026, 11:37:44 AM
Last updated: 4/12/2026, 1:56:40 PM