CVE-2024-1800 (CVSS 9.9): Critical RCE Flaw Found in Popular Reporting Platform

A major security flaw (CVE-2024-1800) has been discovered in the Progress Telerik Report Server, a widely used business reporting solution. This vulnerability, rated as critical with a CVSS score of 9.9, allows attackers to execute malicious code remotely on affected systems.

What is the Telerik Report Server?

Telerik Report Server is a centralized platform that enables companies to create, store, deliver, and manage professional-grade reports. It offers features such as report scheduling, email distribution, and integration with both Active Directory and its authentication systems.

The Risk

Successful exploitation of this remote code execution vulnerability could give attackers complete control over the affected server. This can lead to severe consequences including data theft, malware installation, or disruption of critical business operations.

Affected Versions

All versions of the Progress Telerik Report Server before 2024 Q1 (10.0.24.130) are vulnerable to CVE-2024-1800. To check your version, follow these steps:

1. Log in to your Report Server web UI as an administrator.
2. Navigate to the Configuration page.
3. Select the About tab to find the version number.

Urgent Action Required

Progress Telerik has released the fix in Report Server version 2024 Q1 (10.0.24.305) and later. Organizations using Telerik Report Server must update as soon as possible. Here’s how:

1. Log in to your Telerik account and access Report Server Downloads.
2. Download the latest Report Server installer (MSI file).
3. Refer to the official “Upgrading Report Server” documentation for step-by-step instructions.