June 3, 2024 at 02:01PM
Researchers have demonstrated a chained remote code execution vulnerability on Progress Telerik Report Servers. The exploit, developed by Sina Kheirkhah with assistance from Soroush Dalili, chains an authentication bypass with a deserialization issue. Urgent updates (Telerik Report Server 2024 Q2 10.1.24.514 or later) are recommended. Progress Software’s history of previous cyber attacks warrants prompt action.
The meeting notes provide a detailed summary of a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. The exploit was developed by cybersecurity researchers Sina Kheirkhah and Soroush Dalili. It chains two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
The first flaw, tracked as CVE-2024-4358 (CVSS score: 9.8), allows admin accounts to be created without any checks. It was addressed by an update released on May 15, and system administrators are advised to review their Report Server’s users list for any new local users.
The second flaw, CVE-2024-1800 (CVSS score: 8.8), is a deserialization issue that allows remote authenticated attackers to execute arbitrary code on vulnerable servers. Progress released a security update for it on March 7, 2024; organizations are advised to upgrade to version 10.1.24.514 or later, which addresses both flaws.
Although there are no reports of active exploitation of CVE-2024-4358, organizations are urged to apply the available updates as soon as possible. The meeting notes also stress the importance of fixing these critical flaws, given the impact of previous attacks on Progress Software products.
The key takeaway is that system administrators urgently need to apply the available updates and review the users list for any unauthorized accounts; the historical context is provided to underline why addressing these critical vulnerabilities matters.