Critical Remote Code Execution Vulnerability in Telerik Report Server: Urgent Patch Required

July 25, 2024

Progress Software has warned customers of a critical remote code execution (RCE) vulnerability in Telerik Report Server, a server-based reporting platform that provides centralized report storage together with the tools to create, manage and distribute reports across an organization. The flaw, tracked as CVE-2024-6327, stems from deserialization of untrusted data (CWE-502) and can be exploited to execute code on unpatched servers. Report Server 2024 Q2 (10.1.24.514) and earlier are affected; the fix ships in 2024 Q2 (10.1.24.709).

In its advisory, published Wednesday, Progress states that 'Updating to Report Server 2024 Q2 (10.1.24.709) or later is the only way to remove this vulnerability' and urges all users to upgrade to the latest version. Administrators can confirm whether a server is affected by checking its installed version against 10.1.24.709, following the steps in the advisory. For those who cannot upgrade immediately, Progress lists a temporary mitigation: changing the Report Server Application Pool user to an account with limited permissions. This does not close the deserialization flaw; it only limits what an attacker's code can do once it runs.
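The application-pool mitigation above, as an added PowerShell example that is not from Progress's advisory: it lists the identity each IIS application pool runs as, flags pools running as LocalSystem or as an account in the local Administrators group, and re-points the named pool at a specific low-privilege account. The pool name `TelerikReportServer` and the account `.\ReportServerSvc` are assumptions; substitute the names used on your server.

```powershell
# Added example (not Progress's code). Requires an elevated session on the
# Report Server host with the IIS management tools (WebAdministration) installed.
Import-Module WebAdministration

# Assumption: the Report Server site runs in an application pool with this name.
$PoolName = 'TelerikReportServer'

function Get-AppPoolIdentityReport {
    # One object per application pool: which account it runs as, and whether
    # that account is more privileged than a reporting service needs.
    $admins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
                ForEach-Object { $_.Name })
    foreach ($pool in Get-ChildItem 'IIS:\AppPools') {
        $type = [string]$pool.processModel.identityType
        $user = if ($type -eq 'SpecificUser') { $pool.processModel.userName } else { $type }
        # Local accounts may be written as ".\name"; normalize for the membership check.
        $norm = $user -replace '^\.\\', "$env:COMPUTERNAME\"
        $high = ($type -eq 'LocalSystem') -or
                ($type -eq 'SpecificUser' -and $admins -contains $norm)
        [pscustomobject]@{
            Pool          = $pool.Name
            IdentityType  = $type
            RunsAs        = $user
            HighPrivilege = $high
        }
    }
}

function Set-AppPoolLowPrivilegeIdentity {
    # Re-points one application pool at a specific, non-administrative account
    # and recycles it so the change takes effect.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][securestring]$Password
    )
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    try     { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
    # identityType 3 = SpecificUser
    # (0 LocalSystem, 1 LocalService, 2 NetworkService, 4 ApplicationPoolIdentity)
    Set-ItemProperty "IIS:\AppPools\$Name" -Name processModel -Value @{
        identityType = 3
        userName     = $UserName
        password     = $plain
    }
    Restart-WebAppPool -Name $Name
}

# Before: show every pool and flag the ones running with more rights than needed.
Get-AppPoolIdentityReport | Format-Table -AutoSize

# Apply the mitigation to the Report Server pool. Assumption: .\ReportServerSvc is a
# local, non-admin account created beforehand and granted only the NTFS rights the
# Report Server needs on its install and storage folders.
$cred = Get-Credential -UserName '.\ReportServerSvc' -Message 'Report Server service account'
Set-AppPoolLowPrivilegeIdentity -Name $PoolName -UserName $cred.UserName -Password $cred.Password

# After: the Report Server pool should now report HighPrivilege = False.
Get-AppPoolIdentityReport | Where-Object Pool -eq $PoolName
```

After recycling the pool, confirm that the Report Server web UI still loads and can reach its report storage; if the new account lacks a permission the service needs, the pool will start but requests will fail. This change reduces the blast radius of a successful deserialization attack; it does not stop the exploit, so the upgrade to 10.1.24.709 remains necessary.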

Whether CVE-2024-6327 has been exploited in the wild is not yet known, but other Telerik vulnerabilities have been targeted in recent years. In 2022, a U.S. federal agency's Microsoft Internet Information Services (IIS) web server was compromised through CVE-2019-18935, a critical deserialization flaw in Progress Telerik UI for ASP.NET AJAX. That bug appears on the joint CISA/FBI list of most routinely exploited vulnerabilities and on the NSA's list of the 25 vulnerabilities most exploited by Chinese state-sponsored actors. Two threat groups, including the Vietnamese XE Group, breached the vulnerable server, deployed multiple malware payloads, collected and exfiltrated data, and kept access to the compromised network from November 2022 until early January 2023.

More recently, security researchers created and released a proof-of-concept (PoC) exploit that achieves unauthenticated remote code execution on Telerik Report Server by chaining a critical authentication bypass (CVE-2024-4358) with a high-severity deserialization RCE (CVE-2024-1800).
