Security News > 2024 > June > PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
2024-06-04 14:39

Security researchers have published a proof-of-concept exploit that chains together two vulnerabilities to achieve unauthenticated remote code execution on Progress Telerik Report Servers.

Telerik Report Server is a centralized enterprise platform for report creation, management, storage and delivery/distribution.

CVE-2024-1800 is an insecure deserialization vulnerability that allows authenticated remote attackers to execute arbitrary code on vulnerable Telerik installations, i.e., versions prior to 2024 Q1. It was reported by an anonymous researcher and fixed earlier this year by Progress Software.

Both vulnerabilities have been reported to Progress Software through ZDI, and Progress fixed CVE-2024-4358 in May, by releasing Telerik Report Server 2024 Q2. With the help from ethical hacker Soroush Dalili, Kheirkhah devised a PoC exploit that triggers CVE-2024-4358 and then CVE-2024-1800.

Vulnerability in Progress' enterprise solutions have been targeted by attackers in the past.

Late last year, attackers began exploiting two critical vulnerabilities in WS FTP Server just a few days after PoC code for one of them was made public.


News URL

https://www.helpnetsecurity.com/2024/06/04/cve-2024-4358-cve-2024-1800-poc/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-05-29 CVE-2024-4358 Authentication Bypass by Spoofing vulnerability in Telerik Report Server 2024 10.0.24.130/10.0.24.305
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
network
low complexity
telerik CWE-290
critical
9.8
2024-03-20 CVE-2024-1800 In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Progress 28 0 56 50 31 137
Telerik 8 0 0 5 10 15