Critical auth bypass flaw affects Progress Telerik Report Server


Progress has patched a critical authentication bypass flaw affecting Telerik Report Server. The vulnerability surfaced after Progress fixed an earlier bug: the fix still left the authentication check bypassable. Users should make sure they update to the latest release to receive the fix.

PoC shared for Progress Telerik Report Server flaw

According to a recent post by security researcher Sina Kheirkhah, he and fellow researcher Soroush Dalili developed an exploit for a patched vulnerability in Progress Telerik Report Server.

As explained, the vulnerability, now identified as CVE-2024-4358, is in fact an authentication bypass for a previously reported bug, CVE-2024-1800.

Regarding CVE-2024-1800, this vulnerability made the news when Progress announced it as a remote code execution vulnerability. According to the ZDI advisory, the issue arose from insecure deserialization, and exploiting it required authentication.

This bug initially received a CVSS score of 8.8 and affected Telerik Report Server versions before Q1 2024 (10.0.24.130). Progress has deployed a patch for it with Report Server 2024 Q1 (10.0.24.305), prompting users to upgrade to this or later versions.

However, the two researchers devised a way to bypass this authentication limitation, eventually raising the CVSS to 9.9 and receiving a new identifier, CVE-2024-4358.

In particular, they found a flaw in the implementation of the Register method. Due to a lack of validation of the current installation settings, an unauthenticated adversary could exploit the flaw and gain “System Administrator” privileges.

Once an adversary gains administrative privileges, exploiting the deserialization problem to achieve full RCE becomes trivial.

The researcher explained the technical details of both vulnerabilities in his post, alongside the PoC exploit.


Progress has closed the vulnerability

Following responsible disclosure by the researchers, Progress patched the vulnerability and published a detailed advisory to help users patch their systems.

As explained, the vulnerability affected Report Server 2024 Q1 (10.0.24.305), which the vendor patched with the release of Report Server 2024 Q2 (10.1.24.514). To avoid potential exploits, users should ensure they update to this or a later Report Server version.

Nevertheless, if an immediate update is not possible, Progress recommends implementing the URL rewriting technique as a workaround.

Progress also advised users to look for new local accounts in the Report Server user list at {host}/Users/Index to ensure no malicious accounts exist.
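Those two defensive checks, comparing the installed version against the fixed releases named above and looking for unexpected administrator accounts in the user list, as an added example script; it is not from the advisory or the researchers' post, and it assumes the version string and the user list have been exported by hand (the sample data is constructed).

```python
"""Defender-side checks for the Telerik Report Server advisory.

Assumptions (not from the article): the operator reads the installed
version string and exports the {host}/Users/Index list as (username, role)
pairs. Sample data below is constructed.
"""
from typing import Iterable

# Release versions named in the article.
CVE_2024_1800_FIXED = (10, 0, 24, 305)   # Report Server 2024 Q1
CVE_2024_4358_FIXED = (10, 1, 24, 514)   # Report Server 2024 Q2


def parse_version(text: str) -> tuple:
    """Turn '10.0.24.305' into a comparable tuple; plain string comparison
    would misorder e.g. '9.x' against '10.x'."""
    return tuple(int(part) for part in text.strip().split("."))


def exposure(version: str) -> str:
    """Classify an installed version against the two advisories."""
    v = parse_version(version)
    if v < CVE_2024_1800_FIXED:
        return "vulnerable to CVE-2024-1800 (authenticated RCE) and CVE-2024-4358"
    if v < CVE_2024_4358_FIXED:
        return "vulnerable to CVE-2024-4358 (unauthenticated admin bypass)"
    return "patched"


def unexpected_admins(baseline: Iterable[str], current: Iterable[tuple]) -> list:
    """Return accounts holding 'System Administrator' that are absent from
    the known baseline, the review Progress recommends on Users/Index."""
    known = set(baseline)
    return sorted(name for name, role in current
                  if role == "System Administrator" and name not in known)


# Constructed sample data for a stand-alone run.
BASELINE_ADMINS = ["reportadmin"]
CURRENT_USERS = [("reportadmin", "System Administrator"),
                 ("analyst1", "Reader"),
                 ("svc_backup", "System Administrator")]

if __name__ == "__main__":
    print(exposure("10.0.24.305"))
    print(unexpected_admins(BASELINE_ADMINS, CURRENT_USERS))
```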
