Chained Flaws in Progress Telerik Report Server Enable Unauthenticated RCE

Threat Level – Red | Vulnerability Report
Download PDF

Summary:

A proof-of-concept (PoC) exploit script has been publicly disclosed, demonstrating a chained remote code execution (RCE) vulnerability present in Progress Telerik Report Servers. This exploit leverages two vulnerabilities, CVE-2024-1800 and CVE-2024-4358, an authentication bypass, and a deserialization flaw, respectively, to execute arbitrary code on the target system.
 

Threat Level – Red | Vulnerability Report

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox