Critical Auth Bypass Flaw Affected Progress Telerik Report Server

Latest Hacking News

Progress has patched an important authentication bypass flaw affecting its Telerik Report Server. The vulnerability emerged after Progress addressed another vulnerability, since that fix still left an authentication bypass possible. Users should make sure they update to the latest release to receive the fix.

PoC Shared For Progress Telerik Report Server Flaw

According to a recent post from security researcher Sina Kheirkhah, Kheirkhah, together with fellow researcher Soroush Dalili, developed an exploit for a patched vulnerability in Progress Telerik Report Server.

As explained, the vulnerability, now identified as CVE-2024-4358, is essentially an authentication bypass for a previously reported flaw, CVE-2024-1800.

Regarding CVE-2024-1800, this vulnerability made the news when Progress disclosed it as a remote code execution vulnerability. According to ZDI's advisory, the issue stemmed from insecure deserialization, and exploiting it required authentication.

This flaw initially received a CVSS score of 8.8 and affected Telerik Report Server versions prior to 2024 Q1 (10.0.24.130). Progress deployed a patch for it with Report Server 2024 Q1 (10.0.24.305), asking users to upgrade to this or later versions.

However, the two researchers devised a way to bypass this authentication restriction, eventually raising its CVSS to 9.9 and earning it a new identifier, CVE-2024-4358.


Specifically, they spotted a flaw in the implementation of the Register method. Because of a lack of validation of the current installation setup state, an unauthenticated adversary could exploit the flaw to obtain "System Administrator" privileges.

Once an adversary gains admin privileges, exploiting the deserialization issue to achieve full RCE becomes trivial.

The researcher has explained the technical details of the vulnerabilities, along with sharing the PoC exploit, in his post.
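To illustrate the class of bug described above, here is an added example (not Telerik's code, and not from the researchers' post) of a first-run registration endpoint written in the weak form beside its hardened form. The `IInstallState` and `IUserStore` interfaces, the route names and the `Create` signature are assumptions for the sake of the illustration.

```csharp
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

// Hypothetical: whatever persists the "initial setup finished" flag for the instance.
public interface IInstallState
{
    bool SetupCompleted { get; }
    void MarkCompleted();
}

// Hypothetical: creates local accounts and assigns a role.
public interface IUserStore
{
    void Create(string username, string password, string role);
}

public record RegisterRequest(string Username, string Password);

public class RegisterController : ControllerBase
{
    private static readonly object SetupLock = new();
    private readonly IInstallState _state;
    private readonly IUserStore _users;

    public RegisterController(IInstallState state, IUserStore users)
    {
        _state = state;
        _users = users;
    }

    // Weak pattern: the endpoint never checks whether setup already finished,
    // so anyone who can reach it after installation can mint an administrator.
    [HttpPost("register-weak")]
    public IActionResult RegisterWeak([FromBody] RegisterRequest req)
    {
        _users.Create(req.Username, req.Password, "System Administrator");
        return Ok();
    }

    // Hardened pattern: registration is allowed only while the instance is still
    // unconfigured, and the flag is flipped under a lock so two concurrent
    // first-run requests cannot both succeed.
    [HttpPost("register")]
    public IActionResult Register([FromBody] RegisterRequest req)
    {
        lock (SetupLock)
        {
            if (_state.SetupCompleted)
                return StatusCode(StatusCodes.Status403Forbidden); // log this: post-setup hits are a detection signal
            _users.Create(req.Username, req.Password, "System Administrator");
            _state.MarkCompleted();
        }
        return Ok();
    }
}
```

In a real deployment the setup flag should live in durable storage shared by every node, otherwise a restart or a second instance silently reopens the registration window.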

Progress Patched The Vulnerability

Following responsible disclosure by the researchers, Progress patched the vulnerability and shared a detailed advisory to help users patch their systems.

As elaborated, the vulnerability affected Report Server version 2024 Q1 (10.0.24.305), which the vendor patched with the release of Report Server 2024 Q2 (10.1.24.514). To avoid potential exploits, users must make sure they update to this or later Report Server versions.

However, where applying an immediate update isn't possible, Progress recommends implementing a URL rewrite technique as a temporary mitigation.

In addition, they also advised users to look for any new local accounts in the Report Server users' list via {host}/Users/Index to ensure no malicious accounts exist.
