Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
Progress Software urges users to update their Telerik Report Server instances. A critical security flaw could allow remote code execution.
This vulnerability, known as CVE-2024-6327, has a CVSS score of 9.9. It affects Report Server version 2024 Q2 (10.1.24.514) and earlier.
“In Progress Telerik Report Server versions before 2024 Q2 (10.1.24.709), a remote code execution attack is possible due to an insecure deserialization vulnerability,” the company stated in an advisory.
Deserialization flaws occur when an application reconstructs objects from untrusted data without validating what it is being asked to build. Because the serialized input can name the types to instantiate and the values to pass them, an attacker who controls it can steer which code runs and execute unauthorized commands.
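The pattern described above, as an added example that is not Progress Software's or Telerik's code: a loader that lets the payload pick any importable type beside a hardened loader that only constructs types from an explicit allow-list and validates their fields. The message format, the `ReportRequest` class and the sample payloads are all constructed for illustration.

```python
"""Insecure versus allow-listed deserialization (added example, not Telerik code).

The JSON shape, the ReportRequest type and the payloads below are constructed
for illustration; they do not reflect Report Server's real wire format."""
import importlib
import json
from dataclasses import dataclass


@dataclass
class ReportRequest:
    """One of the types the hypothetical application legitimately accepts."""
    report_name: str
    page: int


# --- Insecure pattern -------------------------------------------------------
# The payload names the type to instantiate and the loader resolves that name
# against every importable module. Whoever controls the bytes controls which
# constructor runs and with which arguments.
def insecure_loads(payload: bytes):
    obj = json.loads(payload)
    module_name, _, class_name = obj["$type"].rpartition(".")
    cls = getattr(importlib.import_module(module_name), class_name)
    return cls(**obj["args"])


# --- Hardened pattern -------------------------------------------------------
# Only types registered here may be created. The registry is keyed by a short
# tag rather than a fully-qualified name, so nothing in the payload can reach
# the module system, and every field is checked against the dataclass schema.
ALLOWED_TYPES = {
    "ReportRequest": ReportRequest,
}


class DeserializationError(ValueError):
    """Raised for any payload the hardened loader refuses."""


def secure_loads(payload: bytes):
    try:
        obj = json.loads(payload)
    except json.JSONDecodeError as exc:
        raise DeserializationError(f"malformed payload: {exc}") from None
    if not isinstance(obj, dict):
        raise DeserializationError("payload must be an object")
    tag = obj.get("$type")
    cls = ALLOWED_TYPES.get(tag)
    if cls is None:
        raise DeserializationError(f"type {tag!r} is not permitted")
    args = obj.get("args")
    if not isinstance(args, dict):
        raise DeserializationError("args must be an object")
    fields = cls.__dataclass_fields__
    if set(args) != set(fields):
        raise DeserializationError(f"unexpected field set for {tag}: {sorted(args)}")
    for name, value in args.items():
        if not isinstance(value, fields[name].type):
            raise DeserializationError(f"field {name!r} has the wrong type")
    return cls(**args)


def is_rejected(payload: bytes) -> bool:
    """True when the hardened loader refuses the payload."""
    try:
        secure_loads(payload)
    except DeserializationError:
        return True
    return False


# Constructed sample payloads.
EXPECTED = json.dumps(
    {"$type": "ReportRequest", "args": {"report_name": "sales", "page": 1}}
).encode()
# Names a standard-library type the application never meant to construct.
# datetime.timedelta is harmless; the point is that the insecure loader honours
# whatever type the payload asks for, constructor side effects included.
UNEXPECTED_TYPE = json.dumps(
    {"$type": "datetime.timedelta", "args": {"days": 1}}
).encode()
# Right type, wrong field type: "page" arrives as a string.
BAD_FIELD = json.dumps(
    {"$type": "ReportRequest", "args": {"report_name": "sales", "page": "1"}}
).encode()


if __name__ == "__main__":
    print("secure:", secure_loads(EXPECTED))
    print("insecure built:", type(insecure_loads(UNEXPECTED_TYPE)).__name__)
    print("secure rejects unexpected type:", is_rejected(UNEXPECTED_TYPE))
    print("secure rejects bad field:", is_rejected(BAD_FIELD))
```

The insecure loader is the shape to look for in a code review: any place where a type name read from the input is resolved through reflection or a module lookup before being instantiated. The fix is not better string checking on the name but a closed registry of the types the endpoint actually expects.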
Progress Software has addressed the flaw in version 10.1.24.709. As an interim mitigation, the company recommends changing the user under which the Report Server Application Pool runs to one with limited permissions.
Administrators can check for vulnerability by following these steps:
- Log in to the Report Server web UI with an administrator account.
- Open the Configuration page (~/Configuration/Index).
- Select the About tab to view the version number on the right pane.
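A small helper for the check above, added here as an example rather than taken from Progress Software's tooling: it pulls the dotted version out of the text shown on the About tab and compares it numerically against the fixed build. The fixed version comes from the advisory quoted in this article; the sample About-tab strings are constructed.

```python
"""Classify a Telerik Report Server version against the CVE-2024-6327 fix
(added example, not Progress Software's code)."""
import re
from typing import Dict, Tuple

# First build that contains the fix, per the advisory quoted above.
FIXED_VERSION = "10.1.24.709"


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Extract a dotted numeric version from free text (e.g. the About tab's
    "2024 Q2 (10.1.24.514)") and return it as a 4-tuple of ints.

    Comparing tuples of ints avoids the classic mistake of comparing version
    strings lexicographically, where "9.2.23.1" would sort after "10.1.24.709".
    Missing trailing components are padded with zeros."""
    match = re.search(r"\b(\d+(?:\.\d+){1,3})\b", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts)  # type: ignore[return-value]


def is_vulnerable_to_cve_2024_6327(about_text: str) -> bool:
    """True when the reported build predates the fixed version."""
    return parse_version(about_text) < parse_version(FIXED_VERSION)


def assess_inventory(instances: Dict[str, str]) -> Dict[str, str]:
    """Map each instance name to 'update required' or 'fixed' from its About text."""
    return {
        name: "update required" if is_vulnerable_to_cve_2024_6327(text) else "fixed"
        for name, text in instances.items()
    }


if __name__ == "__main__":
    # Constructed inventory: instance name -> text copied from the About tab.
    sample = {
        "reports-prod": "Version 2024 Q2 (10.1.24.514)",
        "reports-staging": "Version 2024 Q2 (10.1.24.709)",
        "reports-legacy": "Version 2023 Q3 (9.2.23.1)",
    }
    for name, verdict in assess_inventory(sample).items():
        print(f"{name}: {verdict}")
```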
This disclosure comes nearly two months after Progress Software patched another critical vulnerability in the same software (CVE-2024-4358, CVSS score: 9.8). That flaw allowed remote attackers to bypass authentication and create rogue administrator users.
On June 13, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added that earlier flaw (CVE-2024-4358) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation.
Source: https://thehackernews.com/2024/07/critical-flaw-in-telerik-report-server.html