Security News > 2024 > June > Exploit for critical Progress Telerik auth bypass released, patch now

Exploit for critical Progress Telerik auth bypass released, patch now
2024-06-03 17:58

Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers.

Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.

Although exploiting the deserialization bug is complex, Kheirkhah's write-up and exploit Python script are publicly available, making the case pretty straightforward for aspiring attackers.

QNAP QTS zero-day in Share feature gets public RCE exploit.

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.

Exploit released for maximum severity Fortinet RCE bug, patch now.


News URL

https://www.bleepingcomputer.com/news/security/exploit-for-critical-progress-telerik-auth-bypass-released-patch-now/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Progress 28 3 53 45 25 126
Telerik 10 0 5 4 8 17