nessus | This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof. | PROGRESS_TELERICK_CVE-2024-1800.NASL
History: Jun 04, 2024 - 12:00 a.m.

Progress Telerik Report Server Insecure Deserialization (CVE-2024-1800)

2024-06-04 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
progress telerik report server
insecure deserialization
cve-2024-1800
remote code execution
nessus
upgrade.

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

The version of Progress Telerik Report Server installed on the remote host is affected by an insecure deserialization vulnerability, as follows:

  • In Progress Telerik Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Metadata block: when `description` is set, the calls below register the
# plugin's identity, references, risk data and prerequisites, and exit(0)
# returns before any of the check logic further down is reached.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(200090);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/13");

  # External identifiers this finding maps to.
  script_cve_id("CVE-2024-1800");
  script_xref(name:"CEA-ID", value:"CEA-2024-0009");

  script_name(english:"Progress Telerik Report Server Insecure Deserialization (CVE-2024-1800)");

  script_set_attribute(attribute:"synopsis", value:
"The version of Progress Telerik Report Server installed on the remote host is affected by an insecure deserialization vulnerability.");
  # NOTE(review): the description text names build 10.0.24.130 as the boundary,
  # while the solution attribute and the version constraint in the check use
  # 10.0.24.305 -- confirm against the vendor advisory which build is fixed.
  # The closing sentence of the description states the finding rests on the
  # application's self-reported version only, not on an active test.
  script_set_attribute(attribute:"description", value:
"The version of Progress Telerik Report Server installed on the remote host is affected by an insecure deserialization 
vulnerability, as follows:

  - In Progress Telerik Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is 
    possible through an insecure deserialization vulnerability. 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # Vendor advisory the shortened see_also link below is expected to resolve to:
  # https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fc08777");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Progress Telerik Report Server 2024 Q1 (10.0.24.305) or later.");
  # CVSS v2 and v3.0 base and temporal vectors; the score source is recorded
  # as the CVE entry itself. PR:L / Au:S mean the vector assumes an
  # authenticated (low-privilege) attacker.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-1800");

  # Exploit-availability flags: public exploit code is marked as available,
  # including a Metasploit module. The module name refers to an auth bypass
  # combined with the deserialization issue, so the PR:L requirement above may
  # not hold in practice -- TODO confirm which additional CVE that chain uses.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Telerik Report Server Auth Bypass and Deserialization RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  # Disclosure, patch and plugin release dates.
  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/04");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:progress:telerik_report_server");
  script_end_attributes();

  # Registered in the information-gathering category, consistent with the
  # description's statement that nothing is actively tested.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the web-interface detection plugin, the key that plugin is
  # presumed to set when it finds an install, and a web service port.
  script_dependencies("progress_telerik_report_server_web_interface_detect.nbin");
  script_require_keys("installed_sw/Progress Telerik Report Server");
  script_require_ports("Services/www", 443);

  # Metadata registered; stop here so the check below does not run in this mode.
  exit(0);
}

include('vcf.inc');
include('http.inc');

# Version-only check: nothing here sends a deserialization payload. The verdict
# depends entirely on the version recorded for the detected install, so a
# back-ported fix or a masked version string can produce a wrong result.

# HTTP port to evaluate, with 443 as the default.
var http_port = get_http_port(default:443);

# Install record for the Report Server web application on that port
# (presumably populated by the detection plugin -- verify against vcf.inc).
var install = vcf::get_app_info(app:'Progress Telerik Report Server', port:http_port, webapp:TRUE);

# Single constraint with no lower bound: presumably every version below the
# fixed build is reported -- confirm against vcf.inc.
# NOTE(review): the plugin description text cites 10.0.24.130, whereas this
# constraint and the solution text use 10.0.24.305; confirm with the vendor
# advisory which build carries the fix.
var fix_constraints = [{ 'fixed_version':'10.0.24.305' }];

# Compare and report at the plugin's highest severity level.
vcf::check_version_and_report(
  app_info:install,
  constraints:fix_constraints,
  severity:SECURITY_HOLE
);
Vendor | Product | Version | CPE
progress | telerik_report_server | (not listed) | x-cpe:/a:progress:telerik_report_server
