Security News > 2024 > June > Exploit for critical Progress Telerik auth bypass released, patch now
Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers.
Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
Although exploiting the deserialization bug is complex, Kheirkhah's write-up and exploit Python script are publicly available, making the case pretty straightforward for aspiring attackers.
QNAP QTS zero-day in Share feature gets public RCE exploit.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.
Exploit released for maximum severity Fortinet RCE bug, patch now.
News URL
Related news
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)