Telerik Reporting at Risk of Code Execution Attack Due to Insecure Deserialization Vulnerability
CVE-2024-1801

7.7 HIGH

Key Information:

Vendor
CVE Published: 20 March 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

Progress Telerik Reporting versions prior to the 2024 Q1 release (18.0.24.130) contain an insecure deserialization vulnerability. A local attacker can abuse the deserialization mechanism to potentially execute arbitrary code. Organizations running affected versions should be aware of the risk and apply the necessary security measures to mitigate it.

Affected Version(s)

Telerik Reporting Q1 2007

News Articles

CCB Issues Warning On Progress Telerik Vulnerabilities

The Centre for Cybersecurity Belgium issued a security advisory on critical vulnerabilities affecting Progress Telerik products.

7 months ago

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)

Credit

HackerOne: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38 working with Trend Micro Zero Day Initiative.