Headline
Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code
Software Security / Vulnerability
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution.
The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier.
“In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability,” the company said in an advisory.
Deserialization flaws occur when an application reconstructs untrusted data that an attacker has control over without adequate validation in place, resulting in the execution of unauthorized commands.
Progress Software said the flaw has been addressed in version 10.1.24.709. As temporary mitigation, it’s recommended to change the user for the Report Server Application Pool to one with limited permission.
Administrators can check if their servers are vulnerable to attacks by going through these steps -
- Go to the Report Server web UI and log in using an account with administrator rights
- Open the Configuration page (~/Configuration/Index).
- Select the About tab and the version number will be displayed in the pane on the right.
The disclosure comes nearly two months after the company patched another critical shortcoming in the same software (CVE-2024-4358, CVSS score: 9.8) that could be abused by a remote attacker to bypass authentication and create rogue administrator users.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with administrative privileges. The USERNAME datastore option can be used to authenticate with an existing account to prevent the creation of a new one. The deserialization flaw works by uploading a specially crafted report that when loaded will execute an OS command as NT AUTHORITY\SYSTEM. The module will automatically delete the created report but not the account because users are unable to delete themselves.