Unauthenticated Attacker Can Gain Access to Restricted Functionality via Authentication Bypass Vulnerability in Telerik Report Server
CVE-2024-4358
Key Information:
- Vendor: Progress Software
- Status: Vendor
- CVE Published: 29 May 2024
What is CVE-2024-4358?
CVE-2024-4358 is a significant vulnerability found in the Progress Telerik Report Server, specifically affecting version 2024 Q1 (10.0.24.305) and earlier. This product is designed for creating and managing reports, providing organizations with insights and analysis of their data. The vulnerability allows unauthenticated attackers to bypass the system's authentication mechanisms, gaining unauthorized access to restricted functionalities. This presents a major risk, as it can lead to exposure of sensitive reports and data, compromising the integrity and confidentiality of organizational information.
Technical Details
The vulnerability stems from an authentication bypass flaw within the Telerik Report Server's implementation on Internet Information Services (IIS). An attacker leveraging this flaw can exploit the system without needing valid credentials, effectively circumventing security measures intended to protect restricted functionalities. This type of vulnerability highlights critical shortcomings in access controls within the application, putting various operations and sensitive data at risk.
Impact of the Vulnerability
- Unauthorized Access: The most immediate impact is the potential for unauthorized users to gain access to sensitive features and data within the Telerik Report Server. This could allow attackers to view or manipulate reports that are meant to be secure.
- Data Breach Risk: With unrestricted access, the chances of a data breach are heightened. Attackers could extract sensitive information, which could be used for malicious purposes or sold on illicit markets.
- System Integrity Compromise: In addition to unauthorized access and data breaches, the vulnerability poses a risk to the overall integrity of the system. Attackers may exploit this flaw to alter reports or data outputs, leading to potentially damaging decisions based on compromised information.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Telerik Report Server Windows 1.0.0 < 10.1.24.514
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Shiny Hunters claims to have breached Ticketmaster and Santander through Snowflake accounts.
London hospitals disrupted by ransomware attack. More cyberespionage in the South China Sea region. Fog ransomware targets the US education sector.
Critical Progress Telerik vulnerability under attack | TechTarget
The Shadowserver Foundation observed exploitation attempts that leverage a critical vulnerability in Progress Telerik Report Server.
Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
Critical security flaw discovered in Progress Telerik Report Server (CVE-2024-4358, CVSS 9.8/10). Remote attackers could bypass authentication.
EPSS Score
91% chance of being exploited in the next 30 days.
Timeline
- CISA Reported
- Vulnerability reached the number 1 worldwide trending spot
- Used in Ransomware
- Vulnerability started trending
- Public PoC available
- Exploit known to exist
- First article discovered by GBHackers on Security
- Vulnerability published
- Vulnerability Reserved