Friday, December 13, 2024

A critical remote code execution vulnerability has been identified in Telerik Report Server. The issue, which affects the server’s handling of certain types of files, could allow an attacker to execute arbitrary code on a target system.

Progress Software has issued an urgent warning to customers to address a critical remote code execution vulnerability in its Telerik Report Server, which could be exploited to compromise vulnerable systems.

As a server-based reporting platform, Telerik Report Server provides a centralized hub for storing and managing reports and report-related tools, streamlining their creation, deployment, shipping, and maintenance across an organization.

The vulnerability, tracked as , stems from a critical weakness that allows attackers to execute arbitrary code remotely on unpatched servers.

The vulnerability affects Report Server 2024 Q2 (10.1.24.514) and earlier versions; it was patched in a subsequent security update.

According to the enterprise software provider's Wednesday advisory, updating to Report Server 2024 Q2 (10.1.24.709) or later is a crucial step for mitigating this vulnerability. “The Progress Telerik team recommends upgrading to the latest model.”

Administrators can confirm whether their servers are vulnerable to attacks by following this process:

  1. Open the Report Server's user interface and sign in with an administrative account.
  2. Open the Configuration page by navigating to ~/Configuration/Index.
  3. The About tab displays the installed version number in the right pane.

Progress also provides temporary mitigation measures for users who cannot immediately apply the latest upgrade.

To reduce the impact of exploitation, change the Report Server application pool settings so that the pool runs under a user account with limited privileges. Administrators who do not already have a process for creating IIS users and configuring application pools should consult the relevant documentation first.
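The two administrative tasks above, checking the installed version against the fixed build and moving the application pool to a low-privilege identity, can be scripted on the IIS host. The following PowerShell is an added example and is not Progress's or Telerik's own code; the application pool name, the account name and the credential are placeholders that you would replace with your own values, and the script assumes the WebAdministration module that ships with IIS is available.

```powershell
# Added example (not vendor code). Assumes the IIS WebAdministration module.
Import-Module WebAdministration

# Compare the version shown on the About tab with the first fixed build
# named in the advisory (10.1.24.709). Returns $true when the install is
# at or above the fixed build.
function Test-TelerikReportServerPatched {
    param([Parameter(Mandatory)][string]$InstalledVersion)
    $fixed     = [version]'10.1.24.709'
    $installed = [version]$InstalledVersion
    return ($installed -ge $fixed)
}

# Show which identity the application pool currently runs as, so that a
# built-in high-privilege identity (for example LocalSystem) is visible
# before any change is made.
function Get-AppPoolIdentity {
    param([Parameter(Mandatory)][string]$AppPoolName)
    $poolPath = "IIS:\AppPools\$AppPoolName"
    if (-not (Test-Path $poolPath)) {
        throw "Application pool '$AppPoolName' not found"
    }
    $model = Get-ItemProperty -Path $poolPath -Name processModel
    [pscustomobject]@{
        AppPool      = $AppPoolName
        IdentityType = $model.identityType
        UserName     = $model.userName
    }
}

# Switch the pool to a specific, limited-privilege account. The account
# itself (placeholder name below) must be created and granted only the
# file-system rights the Report Server needs; that setup is outside
# this script and should follow the vendor's IIS guidance.
function Set-LimitedAppPoolIdentity {
    param(
        [Parameter(Mandatory)][string]$AppPoolName,
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][SecureString]$Password
    )
    $poolPath = "IIS:\AppPools\$AppPoolName"
    if (-not (Test-Path $poolPath)) {
        throw "Application pool '$AppPoolName' not found"
    }
    # WebAdministration expects the password in clear text for this property.
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    Set-ItemProperty -Path $poolPath -Name processModel -Value @{
        identityType = 'SpecificUser'
        userName     = $UserName
        password     = $plain
    }
    Restart-WebAppPool -Name $AppPoolName
    Get-AppPoolIdentity -AppPoolName $AppPoolName
}

# Example usage (placeholder values):
# Test-TelerikReportServerPatched -InstalledVersion '10.1.24.514'   # $false
# Get-AppPoolIdentity -AppPoolName 'TelerikReportServer'
# $cred = Get-Credential -UserName 'MACHINE\svc_reportserver_lowpriv' -Message 'Pool identity'
# Set-LimitedAppPoolIdentity -AppPoolName 'TelerikReportServer' `
#     -UserName $cred.UserName -Password $cred.Password
```

Run `Get-AppPoolIdentity` first and record the output; a pool reported as `LocalSystem` or an administrative user is the case the advisory's mitigation is meant to address. The version check is only a stopgap measure: the identity change limits what a successful exploit can do on the host, but does not remove the vulnerability, so the upgrade to 10.1.24.709 or later remains the actual fix.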

Older Telerik flaws under attack

While Progress has yet to confirm whether CVE-2024-6327 has been exploited in the wild, other Telerik vulnerabilities have faced active attacks in recent times.

In 2022, a United States federal agency's Microsoft Internet Information Services (IIS) web server was compromised by Chinese hackers who exploited the critical CVE-2019-0686 vulnerability in Progress Telerik UI.

According to a joint advisory issued by CISA, the FBI, and MS-ISAC, at least two threat groups, including one made up of Vietnamese actors, successfully exploited the vulnerable server.

During the breach, attackers delivered various malware payloads, stole sensitive data, and maintained persistence within the compromised network from November 2022 to early January 2023.

Recently, security researchers published a proof-of-concept exploit that achieves remote code execution on unpatched Telerik Report Server instances by chaining an authentication bypass vulnerability with a high-severity remote code execution flaw.

