Lucene search

The Hacker NewsTHN:88018F8092D084C67530D2D34BA2C096

HistoryJun 04, 2024 - 2:43 p.m.

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

2024-06-0414:43:00

The Hacker News

thehackernews.com

progress software

authentication bypass

remote attacker

cve-2024-4358

report server

security flaw

cve-2024-1800

exploit

authentication

arbitrary code

elevated privileges

threat actors

update

mitigation technique

iis server

exclusive content

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

Low

0.938 High

EPSS

Percentile

99.2%

JSON

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users.

The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0.

“In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability,” the company said in an advisory.

The shortcoming has been addressed in Report Server 2024 Q2 (10.1.24.514). Sina Kheirkhah of Summoning Team, who is credited with discovering and reporting the flaw, described it as a “very simple” bug that could be exploited by a “remote unauthenticated attacker to create an administrator user and login.”

Besides updating to the latest version, Progress Software is urging customers to review their Report Server’s users list for the presence of any new Local users that they may have not added.

As temporary workarounds until the patches can be applied, users are being asked to implement a URL Rewrite mitigation technique to remove the attack surface in the Internet Information Services (IIS) server.

The development arrives a little over a month after Progress remediated another high-severity flaw impacting the Telerik Report Server (CVE-2024-1800, CVSS score: 8.8) that permits an authenticated remote attacker to execute arbitrary code on affected installations.

In a hypothetical attack scenario, a malicious actor could fashion CVE-2024-4358 and CVE-2024-1800 into an exploit chain in order to sidestep authentication and execute arbitrary code with elevated privileges.

With vulnerabilities in Telerik servers actively exploited by threat actors in the past, it’s imperative that users take steps to update to the latest version as soon as possible to mitigate potential threats.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.