Security News > 2024 > June > Exploit for critical Progress Telerik auth bypass released, patch now
Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers.
Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
Although exploiting the deserialization bug is complex, Kheirkhah's write-up and exploit Python script are publicly available, making the case pretty straightforward for aspiring attackers.
QNAP QTS zero-day in Share feature gets public RCE exploit.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.
Exploit released for maximum severity Fortinet RCE bug, patch now.
News URL
Related news
- Exploit for critical Veeam auth bypass available, patch now (source)
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (source)
- Patch up – 4 critical bugs in ArubaOS lead to remote code execution (source)
- Critical GitHub Enterprise Server Flaw Allows Authentication Bypass (source)
- Veeam warns of critical Backup Enterprise Manager auth bypass bug (source)
- Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass (source)
- Exploit released for maximum severity Fortinet RCE bug, patch now (source)
- PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (source)