Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)

Qualys Security Advisory

A security researcher working with Trend Micro's Zero Day Initiative discovered a vulnerability in Progress Telerik Report Server. CVE-2024-4358 is a critical-severity authentication bypass in the server's registration (initial setup) flow: an unauthenticated, remote attacker can bypass authentication and reach functionality that Telerik Report Server normally restricts to logged-in users.

The researcher who found the flaw has published a proof of concept together with a write-up of the exploitation method. The write-up chains the authentication bypass with a separately patched insecure deserialization flaw in the same product (CVE-2024-1800) to achieve remote code execution, so an unpatched server reachable from an untrusted network is exposed to full compromise, not merely to unauthorized access.

Telerik Report Server is an end-to-end report management product that transforms raw data into business reports and then stores and distributes those reports within an organization. Because it is typically deployed as an IIS-hosted web application, an authentication bypass in it is directly reachable by anyone who can reach the web interface.

Affected Versions

The vulnerability affects Telerik Report Server version 2024 Q1 (10.0.24.305) and all earlier versions.

Mitigation

Customers must upgrade to Telerik Report Server version 2024 Q2 (10.1.24.514) or later to patch the vulnerability. Until the upgrade is applied, restricting network access to the Report Server web interface reduces exposure but does not remove the flaw.

For more information, please refer to the Progress Telerik security advisory (knowledge base article) listed in the References.

Qualys Detection

Qualys customers can scan their devices with QID 731570 to detect vulnerable assets.
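For readers without Qualys coverage, the following is an added example (not Qualys's code, and not code from Progress or from the PoC author) that performs two lightweight checks in Python. The first compares a Telerik Report Server build number against the affected and fixed versions stated in this advisory. The second scans IIS W3C log lines for requests to the server's registration endpoint after the initial setup was completed; registration is a one-time activity, so later hits from unexpected clients are worth investigating. The endpoint path /Startup/Register is assumed here from the public PoC, the log lines are constructed for the example, and the setup-completion timestamp is an assumed value you would replace with your own.

```python
"""Added example for CVE-2024-4358 exposure checks (not vendor or Qualys code).

1. is_vulnerable(): version comparison against the advisory's numbers
   (2024 Q1 / 10.0.24.305 and earlier affected; 2024 Q2 / 10.1.24.514 fixed).
2. find_registration_hits(): flags IIS W3C log records for the registration
   endpoint that occur after the server's initial setup was completed.
   ASSUMPTION: the path /Startup/Register is the one used by the public PoC;
   adjust REGISTER_PATH if your deployment differs.
"""
import re
from datetime import datetime

FIXED_VERSION = (10, 1, 24, 514)        # 2024 Q2 build from the advisory
REGISTER_PATH = "/startup/register"     # assumed from the public PoC (compared lower-case)

# Default IIS W3C field layout, used when the log carries no #Fields header.
W3C_FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
              "cs-username c-ip cs(User-Agent) cs-Referer sc-status "
              "sc-substatus sc-win32-status time-taken").split()


def parse_version(text: str) -> tuple:
    """Extract a four-part build number such as '10.0.24.305' from a string
    (a bare version or a longer product banner) and return it as a tuple."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no four-part version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the build is older than the fixed 2024 Q2 release."""
    return parse_version(version) < FIXED_VERSION


def parse_w3c(lines):
    """Yield one dict per IIS W3C record, honouring any #Fields directive."""
    fields = W3C_FIELDS
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if line.startswith("#") or not line.strip():
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated record; skip rather than guess
        yield dict(zip(fields, parts))


def find_registration_hits(lines, setup_completed: datetime):
    """Return (timestamp, method, client_ip, status) for every request to the
    registration endpoint made after setup_completed."""
    hits = []
    for rec in parse_w3c(lines):
        if rec["cs-uri-stem"].lower() != REGISTER_PATH:
            continue
        ts = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
        if ts > setup_completed:
            hits.append((ts, rec["cs-method"], rec["c-ip"], rec["sc-status"]))
    return hits


# Constructed sample log (not real traffic): a legitimate first-time
# registration from an internal host, then two later hits from an
# external address using a scripting user agent.
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 10.0",
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
    "cs-username c-ip cs(User-Agent) cs-Referer sc-status sc-substatus "
    "sc-win32-status time-taken",
    "2024-05-01 09:00:00 10.0.0.5 POST /Startup/Register - 83 - 10.0.0.20 Mozilla/5.0 - 302 0 0 310",
    "2024-06-01 10:15:02 10.0.0.5 GET /Startup/Register - 83 - 203.0.113.7 python-requests/2.31 - 200 0 0 15",
    "2024-06-01 10:15:03 10.0.0.5 POST /Startup/Register - 83 - 203.0.113.7 python-requests/2.31 - 200 0 0 120",
    "2024-06-01 10:16:40 10.0.0.5 GET /Report/Index - 83 newadmin 203.0.113.7 python-requests/2.31 - 200 0 0 40",
]
# Assumed setup-completion time for the sample; take yours from the install record.
SETUP_COMPLETED = datetime(2024, 5, 1, 9, 5, 0)

if __name__ == "__main__":
    for v in ("10.0.24.305", "10.1.24.514"):
        print(v, "vulnerable" if is_vulnerable(v) else "fixed")
    for hit in find_registration_hits(SAMPLE_LOG, SETUP_COMPLETED):
        print("registration endpoint hit after setup:", hit)
```

The version check treats anything below 10.1.24.514 as affected, which matches the advisory's "2024 Q1 (10.0.24.305) and prior" wording. The log scan deliberately ignores the HTTP status: a 302 or 200 both mean the endpoint answered, and the point is that the registration page was reachable at all after setup.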

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://github.com/sinsinology/CVE-2024-4358
https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358
