Pierluigi Paganini
July 25, 2024
Telerik Report Server is a web-based application designed for creating, managing, and delivering reports in various formats. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes.
Progress Software addressed a critical remote code execution flaw, tracked as CVE-2024-6327 (CVSS score of 9.9), in the Telerik Report Server that can be exploited to compromise vulnerable devices.
“In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.” reads the report published by the company. “Updating to Report Server 2024 Q2 (10.1.24.709) or later is the only way to remove this vulnerability. The Progress Telerik team strongly recommends performing an upgrade to the latest version listed in the table below.”
The critical flaw is due to deserialization of untrusted data issue.
The flaw impacts Report Server 2024 Q2 (10.1.24.514) and earlier, the version 2024 Q2 (10.1.24.709) addressed the vulnerability.
To mitigate this issue temporarily, change the user for the Report Server Application Pool to one with limited permissions.
Progress has not revealed if the vulnerability CVE-2024-6327 has been exploited in the wild.
In June, researchers published a proof-of-concept (PoC) exploit code for another authentication bypass vulnerability, tracked CVE-2024-1800 (CVSS score: 8.8), on Progress Telerik Report Servers.
An unauthenticated attacker can exploit the flaw to gain access Telerik Report Server restricted functionality via an authentication bypass vulnerability.
The researchers demonstrated how to create an admin account by exploiting the bypass flaw CVE-2024-4358.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Telerik Report Server)
