Telerik Report Server Flaw May Let Attackers Create Rogue Admin Accounts

Jun 04, 2024NewsroomServer Safety / Vulnerability

Progress Software program has rolled out updates to deal with a important safety flaw impacting the Telerik Report Server that could possibly be doubtlessly exploited by a distant attacker to bypass authentication and create rogue administrator customers.

The problem, tracked as CVE-2024-4358, carries a CVSS rating of 9.8 out of a most of 10.0.

“In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability,” the corporate mentioned in an advisory.

The shortcoming has been addressed in Report Server 2024 Q2 (10.1.24.514). Sina Kheirkhah of Summoning Crew, who’s credited with discovering and reporting the flaw, described it as a “very simple” bug that could possibly be exploited by a “remote unauthenticated attacker to create an administrator user and login.”

Moreover updating to the newest model, Progress Software program is urging clients to overview their Report Server’s customers listing for the presence of any new Native customers that they might haven’t added.

Cybersecurity

As momentary workarounds till the patches could be utilized, customers are being requested to implement a URL Rewrite mitigation approach to take away the assault floor within the Web Info Providers (IIS) server.

The event arrives a little bit over a month after Progress remediated one other high-severity flaw impacting the Telerik Report Server (CVE-2024-1800, CVSS rating: 8.8) that requires an authenticated distant attacker to execute arbitrary code on affected installations.

router

In a hypothetical assault situation, a malicious actor may vogue CVE-2024-4358 and CVE-2024-1800 into an exploit chain with the intention to sidestep authentication and execute arbitrary code with elevated privileges.

With vulnerabilities in Telerik servers actively exploited by risk actors prior to now, it is crucial that customers take steps to replace to the newest model as quickly as attainable to mitigate potential threats.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.

Recent articles

Hackers Use Microsoft MSC Information to Deploy Obfuscated Backdoor in Pakistan Assaults

Dec 17, 2024Ravie LakshmananCyber Assault / Malware A brand new...

INTERPOL Pushes for

Dec 18, 2024Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...