Remote Code Execution Vulnerability in Telerik Report Server
CVE-2024-1800
Key Information:
- Vendor: Progress Software
- Status
- Vendor
- CVE Published: 20 March 2024
Summary
CVE-2024-1800 is a critical remote code execution flaw in Progress Telerik Report Server, a widely used business reporting solution. It allows attackers to execute malicious code remotely on affected systems, potentially leading to severe consequences such as data theft, malware installation, or disruption of critical business operations. All versions of Progress Telerik Report Server before 2024 Q1 (10.0.24.130) are vulnerable. Progress Telerik has released a fix in Report Server version 2024 Q1 (10.0.24.305), and organizations using Telerik Report Server are urged to update as soon as possible.
Affected Version(s)
Telerik Report Server 1.00
News Articles
Shiny Hunters claims to have breached Ticketmaster and Santander through Snowflake accounts.
London hospitals disrupted by ransomware attack. More cyberespionage in the South China Sea region. Fog ransomware targets the US education sector.
7 months ago
Critical Progress Telerik vulnerability under attack | TechTarget
The Shadowserver Foundation observed exploitation attempts that leverage a critical vulnerability in Progress Telerik Report Server.
7 months ago
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) - Help Net Security
A PoC exploit chaining together CVE-2024-4358 and CVE-2024-1800 can achieve unauthenticated RCE on Progress Telerik Report Servers.
7 months ago
Timeline
- First article discovered by securityonline.info
- Vulnerability published
- Vulnerability Reserved