Article Details
Scrape Timestamp (UTC): 2024-06-04 14:50:39.864
Source: https://thehackernews.com/2024/06/telerik-report-server-flaw-could-let.html
Original Article Text
Click to Toggle View
Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts. Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability," the company said in an advisory. The shortcoming has been addressed in Report Server 2024 Q2 (10.1.24.514). Sina Kheirkhah of Summoning Team, who is credited with discovering and reporting the flaw, described it as a "very simple" bug that could be exploited by a "remote unauthenticated attacker to create an administrator user and login." Besides updating to the latest version, Progress Software is urging customers to review their Report Server's users list for the presence of any new Local users that they may have not added. As temporary workarounds until the patches can be applied, users are being asked to implement a URL Rewrite mitigation technique to remove the attack surface in the Internet Information Services (IIS) server. The development arrives a little over a month after Progress remediated another high-severity flaw impacting the Telerik Report Server (CVE-2024-1800, CVSS score: 8.8) that requires an authenticated remote attacker to execute arbitrary code on affected installations. In a hypothetical attack scenario, a malicious actor could fashion CVE-2024-4358 and CVE-2024-1800 into an exploit chain in order to sidestep authentication and execute arbitrary code with elevated privileges. With vulnerabilities in Telerik servers actively exploited by threat actors in the past, it's imperative that users take steps to update to the latest version as soon as possible to mitigate potential threats. Continuous Attack Surface Discovery & Penetration Testing Continuously discover, prioritize, & mitigate exposures with evidence-backed ASM, Pentesting, and Red Teaming.
Daily Brief Summary
Progress Software has issued updates for a critical vulnerability in Telerik Report Server, which could let attackers bypass authentication.
Tracked as CVE-2024-4358, this flaw has a high severity score of 9.8 and affects versions up to 2024 Q1 (10.0.24.305).
The vulnerability enables remote, unauthenticated attackers to create rogue administrator accounts and access restricted server functionalities.
The updated version, Report Server 2024 Q2 (10.1.24.514), addresses this vulnerability.
Progress Software advises customers to check their servers for unauthorized local users and update their systems immediately.
As a part of the mitigation efforts, Progress Software recommends implementing a URL Rewrite technique on IIS servers to reduce vulnerability.
This flaw was discovered a little over a month after another significant vulnerability in Telerik Report Server was patched.
Given past exploits targeting Telerik servers, updating to secured versions and continuous monitoring are crucial for preventing potential breaches.