Progress Telerik Report Server users must rush to update their systems as the firm patched a critical remote code execution (RCE) vulnerability.
Critical RCE Vulnerability Affected Progress Telerik Report Server
According to a recent advisory, Progress Telerik Report Server was impacted by a critical security vulnerability that could allow RCE attacks. The vulnerability existed due to insecure deserialization of untrusted data, which could let an adversary execute arbitrary code.
The vulnerability received the CVE ID CVE-2024-6327 and a critical severity rating with a CVSS score of 9.9. Presently, the firm has not shared any technical details about the vulnerability. Even the vulnerability’s NVD listing mentions it as “under analysis,” awaiting details for the vulnerability summary.
Nonetheless, what’s clear is that the vulnerability impacts most existing Telerik Report Server releases, namely version 10.1.24.514 and earlier. After learning of the flaw, Progress patched it in version 2024 Q2 (10.1.24.709). Hence, users should update to this or a later release to receive the fix and avoid potential threats.
While the firm urges all users to update their systems to the latest release, Progress also shared a temporary mitigation for systems where an immediate update isn’t possible. They recommend “changing the user for the Report Server Application Pool to one with limited permissions.”
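As an added example (not a script from Progress or from this article), the following PowerShell snippet shows how an administrator could check both points above on the IIS host: whether the installed Report Server version falls in the affected range, and whether the Report Server application pool still runs under a high-privilege built-in identity rather than the limited account the interim mitigation calls for. The application pool name "TelerikReportServer" and the sample version string are assumptions; substitute the pool and version on your own server.

```powershell
# Added example, not from the Progress advisory or the article.
# Requires the IIS WebAdministration module on the Report Server host.
param(
    [string]$AppPoolName = "TelerikReportServer",   # assumed pool name; adjust to your site
    [string]$InstalledVersion = "10.1.24.514"       # constructed sample input
)

Import-Module WebAdministration

# Versions taken from the advisory: 10.1.24.514 and earlier are affected,
# 2024 Q2 (10.1.24.709) carries the fix for CVE-2024-6327.
$fixed     = [version]"10.1.24.709"
$installed = [version]$InstalledVersion

if ($installed -lt $fixed) {
    Write-Warning "Report Server $installed is in the affected range for CVE-2024-6327; update to $fixed or later."
} else {
    Write-Output "Report Server $installed includes the fix for CVE-2024-6327."
}

# Identity under which the Report Server application pool runs. A pool
# running as LocalSystem means a successful RCE executes with full machine
# rights; the advisory's interim mitigation is a user with limited permissions.
$pool         = Get-Item "IIS:\AppPools\$AppPoolName"
$identityType = [string]$pool.processModel.identityType
$userName     = [string]$pool.processModel.userName

switch ($identityType) {
    "LocalSystem"  { Write-Warning "$AppPoolName runs as LocalSystem; change it to a limited account." }
    "SpecificUser" { Write-Output  "$AppPoolName runs as '$userName'; confirm this account has only the rights Report Server needs." }
    default        { Write-Output  "$AppPoolName runs as the built-in identity '$identityType'." }
}
```

Run it from an elevated PowerShell session on the Report Server host; the version check works anywhere, but the application pool lookup needs IIS and the WebAdministration module to be present.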
For now, it remains unclear whether the vulnerability has been actively exploited in the wild. Yet, as the history of Progress Telerik Report Server vulnerabilities shows, that is far from impossible. The most recent incident involved CVE-2024-1800, for which an exploit became publicly available quickly.
Progress credited the researcher Markus Wulftange from CODE WHITE GmbH for reporting this flaw. The same researcher also discovered and reported another vulnerability, CVE-2024-6096, which affected all Progress Telerik Reporting versions before the latest release with the patch. The firm described it as an insecure type resolution that could allow object injection attacks, patching it with Reporting 2024 Q2 (18.1.24.709).