Progress warns of critical RCE bug in Telerik Report Server

July 25, 2024 at 11:49AM

Progress Software has issued a warning to patch a critical remote code execution security flaw in the Telerik Report Server, impacting Report Server 2024 Q2 and earlier. This vulnerability allows attackers to gain remote code execution on unpatched servers. Progress advises upgrading to version 2024 Q2 (10.1.24.709) or later and offers temporary mitigation measures for immediate protection.

The article covers a critical remote code execution security flaw in the Telerik Report Server, tracked as CVE-2024-6327, that impacts versions prior to 2024 Q2 (10.1.24.709). Progress Software has warned customers to patch this vulnerability by updating to version 2024 Q2 (10.1.24.709) or later to remove the risk of exploitation. Admins are advised to check the server version through the Report Server web UI and to apply temporary mitigation measures if an immediate upgrade is not feasible.

The article also underscores the risks of leaving server vulnerabilities unpatched, citing past instances where other Telerik flaws have been exploited by threat groups, and emphasizes the importance of timely security updates and of vigilance in monitoring and addressing such vulnerabilities.
