Progress has fixed a critical authentication bypass flaw affecting its Telerik Report Server. The flaw surfaced in the fix for an earlier vulnerability: the patch could be bypassed, leaving an authentication bypass. Users should update to the latest release to get the fix.

PoC shared for Progress Telerik Report Server flaw.

According to a recent post from security researcher Sina Kheirkhah, he and fellow researcher Soroush Dalili exploited a vulnerability in the Progress Telerik Report Server.

As explained, the vulnerability, now identified as CVE-2024-4358, is essentially a validation bypass of the fix for the previously reported flaw CVE-2024-1800.

CVE-2024-1800 made the news when it was disclosed as a remote code execution risk. According to the ZDI advisory, the issue stemmed from insecure deserialization, and authentication was required to exploit it.

The flaw initially received a CVSS score of 8.8 and affected Telerik Report Server versions prior to 2024 Q1 (10.0.24.130). Progress patched it with Report Server 2024 Q1 (10.0.24.305), asking users to upgrade to that or a later version.

However, the two researchers devised a way to bypass this authentication requirement, which raised the CVSS score to 9.9 and earned the bypass a new identifier, CVE-2024-4358.

Specifically, they found a flaw in the implementation of the registration procedure. Because the initial installation setup did not require authentication, an unauthenticated adversary could abuse this flaw to gain “system administrator” privileges.

Once an adversary holds admin privileges, chaining the deserialization issue to obtain full RCE becomes trivial.

In his post, the researcher shared the PoC exploit and explained the technical details of both vulnerabilities.

Progress fixes the compounded weakness.

Following responsible disclosure by the researchers, the developers fixed the vulnerability and published a detailed advisory to help users patch their systems.

As described, the vulnerability affected Report Server 2024 Q1 (10.0.24.305), which the vendor patched with the release of Report Server 2024 Q2 (10.1.24.514). To avoid potential exploitation, users should update to this or a later Report Server version.

Where an immediate update is not possible, Progress recommends URL rewriting as a temporary workaround.

In addition, Progress advised users to review the Report Server user list at {host}/Users/Index for any new local accounts, to ensure no malicious accounts have been created.
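The two checks above (confirm the installed build is at or past the fixed release, and compare the user list against a known-good snapshot for unexpected local accounts) can be scripted. The following is an added example, not code from the article or from Progress; it assumes the operator has exported the user list from {host}/Users/Index before and after the exposure window, and the sample data is constructed.

```python
"""Post-patch audit helpers for Telerik Report Server (CVE-2024-4358).

Added example. Assumes an exported user list (baseline and current) and
the installed version string; all sample data below is constructed.
"""
from typing import Dict, Iterable, List, Tuple

# Report Server 2024 Q2, the release that carries the fix per the advisory.
FIXED_VERSION = (10, 1, 24, 514)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a string like '10.0.24.305' into (10, 0, 24, 305) for comparison."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str) -> bool:
    """True when the installed build is 2024 Q2 (10.1.24.514) or later."""
    return parse_version(version) >= FIXED_VERSION


def new_local_accounts(baseline: Iterable[str], current: Iterable[str]) -> List[str]:
    """Accounts present in the current list but absent from the baseline.

    Comparison is case-insensitive so a re-cased duplicate of an existing
    login is not reported as a new account.
    """
    known = {u.strip().lower() for u in baseline}
    return sorted(u.strip() for u in current if u.strip().lower() not in known)


def audit(version: str, baseline: Iterable[str], current: Iterable[str]) -> Dict[str, object]:
    """Summarise both checks; 'action_required' is set if either one fails."""
    unexpected = new_local_accounts(baseline, current)
    vulnerable = not is_patched(version)
    return {
        "version": version,
        "vulnerable": vulnerable,
        "unexpected_accounts": unexpected,
        "action_required": vulnerable or bool(unexpected),
    }


# Constructed sample data: user lists exported before and after the patch window.
BASELINE_USERS = ["admin", "report.designer", "svc-scheduler"]
CURRENT_USERS = ["admin", "report.designer", "svc-scheduler", "backup_admin", "ADMIN"]

if __name__ == "__main__":
    print(audit("10.0.24.305", BASELINE_USERS, CURRENT_USERS))
```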

Let us know your thoughts in the comments.
