CVE-2024-4358: Critical Authentication Bypass Flaw Discovered in Progress Telerik Report Server
A critical vulnerability (CVE-2024-4358) has been discovered in Progress Telerik Report Server, a widely used report management product. The flaw is rated CVSS 9.8 (out of 10) and allows an unauthenticated attacker to bypass the server's authentication and reach restricted Report Server functionality, including the report data it manages.
The affected versions are Telerik Report Server 2024 Q1 (10.0.24.305) and all earlier releases. The vulnerability is reachable by an unauthenticated attacker against a Report Server deployment hosted on IIS. At the time of writing no exploitation in the wild had been reported, but the severity of an unauthenticated bypass on an internet-reachable server warrants immediate attention.
The vulnerability poses significant risk: unauthorized access to sensitive report data and a foothold for further movement within an organization's network. Administrators are urged to review the Report Server's user list for local users that were not added intentionally; the list is reachable at {host}/Users/Index, where {host} is the Report Server's base URL. Because the bypass is unauthenticated, an unexpected local account is a possible indicator that the server was already reached by an attacker, and should be investigated rather than simply deleted.
The vulnerability was discovered by Sina Kheirkhah of Summoning Team, working in collaboration with the Trend Micro Zero Day Initiative.
There is no workaround: the only remediation is to update to Telerik Report Server 2024 Q2 (10.1.24.514) or later. Organizations running Progress Telerik Report Server should prioritize this update to close the CVE-2024-4358 bypass, and should pair the patch with the user-list review above so that an account created before the update does not outlive it.
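The two actions above (a user-list review and a version check against the fixed build) lend themselves to a small audit script. The following Python is an added example written for this article, not code from Progress or from the advisory. It assumes an inventory of hostnames and version strings gathered by the reader, and a user list copied out of {host}/Users/Index and compared against a known-good baseline; both inputs below are constructed sample data. Version comparison is done numerically on the four-part build number, so that, for example, 9.2.23.xxx and 10.0.24.305 are correctly ordered before 10.1.24.514.

```python
from typing import Iterable

# Fixed build named in the advisory: Telerik Report Server 2024 Q2.
FIXED_VERSION = "10.1.24.514"


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Turn '10.0.24.305' into (10, 0, 24, 305) so tuples compare numerically.

    Shorter strings are zero-padded to four parts, which keeps a partial
    version such as '10.1.24' on the affected side (conservative choice).
    """
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Report Server version: {version!r}")
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return nums[0], nums[1], nums[2], nums[3]


def is_affected(version: str) -> bool:
    """True for 2024 Q1 (10.0.24.305) and every earlier build."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def affected_hosts(inventory: dict[str, str]) -> list[str]:
    """Return the hostnames whose reported version still needs the update."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


def unexpected_local_users(current: Iterable[str], baseline: Iterable[str]) -> list[str]:
    """Usernames present on the server now that were not in the known-good baseline.

    Comparison is case-insensitive so 'Admin' and 'admin' are treated as the
    same account; the returned names keep the server's original spelling.
    """
    known = {u.strip().lower() for u in baseline}
    return sorted({u.strip() for u in current if u.strip().lower() not in known})


# Constructed sample data (hypothetical hostnames, versions and accounts).
SAMPLE_INVENTORY = {
    "reports-prod.example.internal": "10.0.24.305",   # 2024 Q1, affected
    "reports-legacy.example.internal": "9.2.23.1010", # older, affected
    "reports-dev.example.internal": "10.1.24.514",    # 2024 Q2, fixed
}

SAMPLE_BASELINE_USERS = ["admin", "reportdesigner", "reportviewer"]
SAMPLE_CURRENT_USERS = ["Admin", "reportdesigner", "reportviewer", "svc_sync"]


def audit(inventory: dict[str, str], current_users: Iterable[str],
          baseline_users: Iterable[str]) -> dict[str, list[str]]:
    """Combine both checks into one report for a ticket or a SIEM event."""
    return {
        "hosts_needing_update": affected_hosts(inventory),
        "unexpected_local_users": unexpected_local_users(current_users, baseline_users),
    }


if __name__ == "__main__":
    for key, values in audit(SAMPLE_INVENTORY, SAMPLE_CURRENT_USERS,
                             SAMPLE_BASELINE_USERS).items():
        print(f"{key}: {values or 'none'}")
```

Any host listed under hosts_needing_update should be patched to 10.1.24.514 or later; any name under unexpected_local_users should be treated as a potential indicator of compromise and traced back to who created it, not just removed.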