Chained Flaws in Progress Telerik Report Server Enable Unauthenticated RCE

Threat Advisories

Chained Flaws in Progress Telerik Report Server Enable Unauthenticated RCE

June 5, 2024

Summary:

A proof-of-concept (PoC) exploit script has been publicly disclosed, demonstrating a chained remote code execution (RCE) vulnerability present in Progress Telerik Report Servers. This exploit leverages two vulnerabilities, CVE-2024-1800 and CVE-2024-4358, an authentication bypass, and a deserialization flaw, respectively, to execute arbitrary code on the target system.
 

Threat Level – Red | Vulnerability Report

×

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

 

Recent Posts

Join Our Newsletter 14,000+ subscribers and growing! Get top cybersecurity news delivered directly to your inbox.
Sign Up to Receive Our Weekly Threat Digest