Lucene search

ProgressSoftwareCVELIST:CVE-2024-0832

HistoryJan 31, 2024 - 3:14 p.m.

CVE-2024-0832 Privilege Elevation via Telerik Reporting Installer

2024-01-3115:14:44

CWE-269

ProgressSoftware

www.cve.org

telerik reporting

privilege elevation

cve-2024-0832

vulnerability

installer component

operating system

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.1%

JSON

In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Telerik Reporting Installer"
    ],
    "product": "Telerik Reporting",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThan": "2024 R1",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  }
]

References

docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability

www.telerik.com/products/reporting.aspx

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for CVELIST:CVE-2024-0832