Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Progress Software has fixed a critical vulnerability in its Telerik Report Server solution and is urging users to upgrade as soon as possible.
Telerik Report Server is an enterprise solution for storing, creating, managing and viewing reports in web and desktop applications.
CVE-2024-6327 is an insecure deserialization vulnerability in Telerik Report Server that may allow attackers to remotely execute code on the underlying server. It is reached through CVE-2024-6096, an insecure type resolution vulnerability in Telerik Reporting, the tool used to build reports and embed them in web and desktop applications.
Customers have been advised to upgrade to Telerik Reporting 2024 Q2, as it's the only way to remove CVE-2024-6096, and to upgrade to Telerik Report Server 2024 Q2 or later to fix CVE-2024-6327.
If the latter action is not possible, Progress Software notes that users "can temporarily mitigate this issue by changing the user for the Report Server Application Pool to one with limited permissions".
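The interim mitigation above reduces what a successful deserialization exploit can do by running the Report Server under a low-privilege IIS identity. The following PowerShell script is an added example, not code from the article or from Progress: it audits the identity of the application pool hosting Report Server, compares installed Telerik Reporting assembly versions against the fixed builds named in the advisory, and applies the vendor's suggested mitigation by switching the pool to the built-in ApplicationPoolIdentity. The application pool name and install root are placeholders you must adjust; using ApplicationPoolIdentity as the "limited permissions" account is this example's assumption, not the vendor's instruction.

```powershell
# Added example (not from the Help Net Security article or from Progress).
# Assumptions: run as administrator on the IIS host; the WebAdministration module is
# available; $ReportServerAppPool and $InstallRoot are placeholders for your environment.
#Requires -RunAsAdministrator
Import-Module WebAdministration

$ReportServerAppPool = 'TelerikReportServer'              # placeholder: the pool your Report Server site runs under
$InstallRoot         = 'C:\PLACEHOLDER\TelerikReportServer' # placeholder: folder containing the Telerik.Reporting*.dll assemblies
$FixedReportServer   = [version]'10.1.24.709'             # fixed build for CVE-2024-6327 (from the advisory)
$FixedReporting      = [version]'18.1.24.709'             # fixed build for CVE-2024-6096 (from the advisory)

function Get-AppPoolIdentityRisk {
    # Classify how much an attacker gains if code runs inside this pool.
    param([Parameter(Mandatory)][string]$Name)
    $pool     = Get-Item "IIS:\AppPools\$Name" -ErrorAction Stop
    $identity = [string]$pool.processModel.identityType
    $user     = [string]$pool.processModel.userName
    $risk = switch ($identity) {
        'LocalSystem'             { 'HIGH' }    # exploit already runs as SYSTEM
        'NetworkService'          { 'MEDIUM' }  # machine account, can touch the network as the host
        'LocalService'            { 'LOW' }
        'ApplicationPoolIdentity' { 'LOW' }     # per-pool virtual account, limited by default
        'SpecificUser'            { 'REVIEW' }  # depends on what rights $user actually holds
        default                   { 'UNKNOWN' }
    }
    [pscustomobject]@{ AppPool = $Name; Identity = $identity; User = $user; Risk = $risk }
}

function Get-ReportingAssemblyStatus {
    # Report each Telerik.Reporting*.dll under the install root and whether its file
    # version is at or above the fixed Telerik Reporting build.
    param([Parameter(Mandatory)][string]$Root, [Parameter(Mandatory)][version]$Fixed)
    Get-ChildItem -Path $Root -Recurse -Filter 'Telerik.Reporting*.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ver = [version]$_.VersionInfo.FileVersion
            [pscustomobject]@{ File = $_.FullName; Version = $ver; Patched = ($ver -ge $Fixed) }
        }
}

function Set-AppPoolToLimitedIdentity {
    # One way to follow the vendor's interim mitigation (this example's choice of account):
    # move the pool to ApplicationPoolIdentity and recycle it so the change takes effect.
    param([Parameter(Mandatory)][string]$Name)
    Set-ItemProperty "IIS:\AppPools\$Name" -Name processModel.identityType -Value 'ApplicationPoolIdentity'
    Restart-WebAppPool -Name $Name
    Get-AppPoolIdentityRisk -Name $Name
}

# 1. What identity does the Report Server pool run as today?
$before = Get-AppPoolIdentityRisk -Name $ReportServerAppPool
$before | Format-List

# 2. Are the Telerik Reporting assemblies on disk at the fixed build?
Get-ReportingAssemblyStatus -Root $InstallRoot -Fixed $FixedReporting | Format-Table -AutoSize

# 3. If the pool is high-risk and the upgrade cannot happen yet, apply the interim mitigation.
if ($before.Risk -in @('HIGH', 'MEDIUM')) {
    Set-AppPoolToLimitedIdentity -Name $ReportServerAppPool | Format-List
}
```

The identity check is the part worth keeping in a recurring compliance scan: the fixed builds close the bug, but a pool running as LocalSystem turns any future deserialization flaw in the same product into a full host compromise, so the pool identity is a control independent of the patch.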
Just last month, the Shadowserver Foundation spotted exploitation attempts for CVE-2024-4358, a vulnerability that, when concatenated with CVE-2024-1800, allowed attackers to achieve unauthenticated remote code execution on Progress Telerik Report Servers.
News URL
https://www.helpnetsecurity.com/2024/07/26/cve-2024-6327/
Related news
- Progress warns of critical RCE bug in Telerik Report Server
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)
- PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed
- Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
- High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
- Exploit for critical Progress Telerik auth bypass released, patch now
- Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
- PHP fixes critical RCE flaw impacting all versions for Windows
- TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-24 | CVE-2024-6327 | In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | 0.0 |
2024-07-24 | CVE-2024-6096 | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 0.0 |
2024-05-29 | CVE-2024-4358 | Authentication Bypass by Spoofing vulnerability in Telerik Report Server 2024. In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. | 9.8 |
2024-03-20 | CVE-2024-1800 | In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. | 0.0 |