Progress Software’s Telerik Report Server Flaw: Unauthorized Admin Account Creation


Progress Software has swiftly addressed a critical security flaw in the Telerik Report Server, ensuring the safety of users’ data and systems. The vulnerability, identified as CVE-2024-4358, presented a significant risk, allowing remote attackers to bypass authentication measures and create unauthorized administrator accounts.

Thanks to the vigilant efforts of Sina Kheirkhah from the Summoning Team, who discovered and reported the flaw, this issue has been promptly resolved. Progress Software has released updates in Report Server 2024 Q2 (version 10.1.24.514), fortifying the system against potential breaches.

This proactive response underscores Progress Software’s commitment to cybersecurity and protecting its users from potential threats. The company has also provided interim measures to mitigate risks until the patches can be applied. Users are encouraged to implement a URL Rewrite mitigation technique, which effectively reduces the attack surface in Internet Information Services (IIS) servers.

It’s worth noting that this isn’t the first time Progress Software has swiftly addressed security concerns in the Telerik Report Server. Just over a month ago, they remedied another high-severity flaw (CVE-2024-1800, CVSS score: 8.8), further demonstrating their dedication to safeguarding user data and maintaining the integrity of their systems.


The potential ramifications of these vulnerabilities cannot be overstated. In a hypothetical attack scenario, threat actors could exploit CVE-2024-4358 and CVE-2024-1800 in tandem, bypassing authentication and then executing arbitrary code with elevated privileges. Given the history of Telerik server vulnerabilities being exploited in the wild, it’s imperative that users update their systems immediately and fortify their defenses against potential threats.

As users await the deployment of patches, it’s crucial to remain vigilant and review user lists for any unauthorized entries. By staying informed and proactive, users can mitigate risks and ensure the continued security of their systems.
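The user-list review above can be made repeatable by comparing a known-good export of Report Server accounts against a fresh one and flagging anything that appeared or gained administrator rights in between. The script below is an added example, not code from Progress Software or from this article; it assumes the user list has been exported as JSON with `username`, `role` and `created` fields (the field names and the sample accounts are constructed for illustration and will need adapting to your own export format).

```python
"""Compare a baseline user export against a current one and flag accounts
that should not be there. Added example; not Progress Software code."""
import json
from datetime import datetime

# Constructed sample exports: a baseline taken before the advisory and a
# current export taken afterwards. Field names are an assumption.
BASELINE_EXPORT = """[
  {"username": "svc_reports", "role": "Administrator", "created": "2023-11-02T09:15:00Z"},
  {"username": "alice",       "role": "Administrator", "created": "2024-01-10T08:00:00Z"},
  {"username": "bob",         "role": "User",          "created": "2024-02-14T13:30:00Z"}
]"""

CURRENT_EXPORT = """[
  {"username": "svc_reports", "role": "Administrator", "created": "2023-11-02T09:15:00Z"},
  {"username": "alice",       "role": "Administrator", "created": "2024-01-10T08:00:00Z"},
  {"username": "bob",         "role": "Administrator", "created": "2024-02-14T13:30:00Z"},
  {"username": "support_tmp", "role": "Administrator", "created": "2024-05-27T02:41:00Z"},
  {"username": "carol",       "role": "User",          "created": "2024-05-28T10:05:00Z"}
]"""

# Roles treated as privileged; compared case-insensitively.
PRIVILEGED_ROLES = {"administrator"}


def load_users(export_text):
    """Parse a JSON export into a dict keyed by normalised username."""
    users = {}
    for entry in json.loads(export_text):
        name = entry["username"].strip().lower()
        users[name] = {
            "role": entry["role"],
            # Accept the trailing 'Z' form on older Python versions too.
            "created": datetime.fromisoformat(entry["created"].replace("Z", "+00:00")),
        }
    return users


def is_privileged(role):
    return role.strip().lower() in PRIVILEGED_ROLES


def audit_users(baseline_text, current_text):
    """Return sorted lists of usernames in four buckets:
    new_privileged  - accounts absent from the baseline that hold a privileged role
    new_other       - other accounts absent from the baseline
    elevated        - baseline accounts whose role became privileged
    removed         - baseline accounts no longer present
    """
    baseline = load_users(baseline_text)
    current = load_users(current_text)
    findings = {"new_privileged": [], "new_other": [], "elevated": [], "removed": []}
    for name, info in current.items():
        if name not in baseline:
            bucket = "new_privileged" if is_privileged(info["role"]) else "new_other"
            findings[bucket].append(name)
        elif is_privileged(info["role"]) and not is_privileged(baseline[name]["role"]):
            findings["elevated"].append(name)
    findings["removed"] = list(set(baseline) - set(current))
    for bucket in findings:
        findings[bucket].sort()
    return findings


def report_lines(findings, current_text):
    """Human-readable lines, with creation timestamps for new accounts."""
    current = load_users(current_text)
    lines = []
    for name in findings["new_privileged"]:
        lines.append(f"REVIEW  new privileged account {name} created {current[name]['created'].isoformat()}")
    for name in findings["elevated"]:
        lines.append(f"REVIEW  {name} was elevated to {current[name]['role']}")
    for name in findings["new_other"]:
        lines.append(f"info    new account {name} created {current[name]['created'].isoformat()}")
    for name in findings["removed"]:
        lines.append(f"info    account {name} no longer present")
    return lines


if __name__ == "__main__":
    for line in report_lines(audit_users(BASELINE_EXPORT, CURRENT_EXPORT), CURRENT_EXPORT):
        print(line)
```

Run it against the real exports rather than the constructed samples; any entry under `REVIEW` that nobody on the team can account for should be disabled and investigated, since an unexpected administrator account is exactly the artefact the flaw described above would leave behind.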

In conclusion, Progress Software’s swift response to the Telerik Report Server flaw is commendable, reflecting their unwavering commitment to cybersecurity. By promptly addressing vulnerabilities and providing timely updates, they have demonstrated their dedication to protecting user data and maintaining the integrity of their products. Users are strongly encouraged to apply the necessary patches and implement recommended mitigation techniques to safeguard their systems against potential threats.
