June 14, 2024 at 06:39AM
CISA warns federal agencies of ongoing exploitation of CVE-2024-4358, a recently patched authentication bypass vulnerability in Progress Software’s Telerik Report Server. The bug allows attackers to create a new administrator user, manipulate authentication tokens, and achieve remote code execution. CISA urges identifying and mitigating vulnerable instances within three weeks.
Key Takeaways from Meeting Notes:
1. The US cybersecurity agency CISA has warned federal agencies of the ongoing exploitation of an authentication bypass vulnerability in Progress Software’s Telerik Report Server, tracked as CVE-2024-4358 with a CVSS score of 9.8.
2. The vulnerability allows an attacker to create a new administrator user and manipulate authentication tokens to impersonate legitimate users without valid credentials, potentially leading to remote code execution.
3. Progress Software has released a patch for the security defect in Telerik Report Server version 2024 Q2 (10.1.24.514) on May 30.
4. CISA has added CVE-2024-4358 to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to identify vulnerable instances and apply recommended mitigations within three weeks, as per Binding Operational Directive (BOD) 22-01.
5. All organizations are advised to identify similar vulnerabilities in their networks and take recommended remediation steps promptly, in line with CISA’s guidance.
6. The vulnerability could be chained with other issues in the Report Server, such as CVE-2024-1800, to achieve remote code execution, making it a high-risk concern for affected organizations.
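The mitigation CISA asks for starts with an inventory check: every Telerik Report Server instance must be at or above the fixed build, 2024 Q2 (10.1.24.514). The script below is an added example, not code from CISA or Progress Software; it compares installed build numbers against that fixed version numerically rather than as strings (a string compare would rank "9.x" above "10.x") and sorts a hypothetical inventory into hosts that still need the patch, hosts already patched, and hosts whose version could not be parsed. The hostnames and version strings in the sample inventory are constructed for illustration.

```python
"""Triage an inventory of Telerik Report Server hosts against the fixed
build for CVE-2024-4358 (2024 Q2, 10.1.24.514, as stated in the advisory).

The inventory, hostnames and version strings below are constructed samples.
"""
from typing import Dict, List, Tuple

# Fixed build named in the advisory: Telerik Report Server 2024 Q2.
FIXED_VERSION = "10.1.24.514"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '10.1.24.514' into (10, 1, 24, 514); non-numeric input raises ValueError."""
    parts = tuple(int(p) for p in v.strip().split("."))
    if not parts:
        raise ValueError(f"empty version string: {v!r}")
    return parts


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build predates the fixed build.

    Both tuples are zero-padded to the same length so '10.1' compares as
    '10.1.0.0' and is correctly reported as older than the fix.
    """
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts into 'patch_required', 'patched' and 'unknown' (unparseable version)."""
    result: Dict[str, List[str]] = {"patch_required": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "patch_required" if is_vulnerable(version) else "patched"
        except ValueError:
            # Unknown versions are surfaced separately so they are not silently treated as safe.
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory: hostnames and pre-fix version strings are made up.
SAMPLE_INVENTORY = {
    "reports-01.example.internal": "10.0.24.305",   # older build, needs the patch
    "reports-02.example.internal": "10.1.24.514",   # exactly the fixed build
    "reports-03.example.internal": "9.2.23.1010",   # older major version
    "reports-04.example.internal": "unknown",       # version not collected
    "reports-05.example.internal": "10.1.24.700",   # later build
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the version strings your asset inventory already collects; anything landing in `unknown` deserves a manual look rather than being assumed patched.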