
Critical Telerik vulnerability targeted for attack


Threat actors have been quick to exploit a critical vulnerability in Progress Telerik Report Server, putting exposed servers at risk of remote code execution. The flaw, tracked as CVE-2024-1800, is an insecure deserialization bug that was reported to Progress through Trend Micro's Zero Day Initiative. While investigating that flaw, security researcher Sina Kheirkhah of Summoning Team uncovered a second one, an authentication bypass tracked as CVE-2024-4358, and showed that the two can be chained.

In a recent blog post, Kheirkhah warned users that the two flaws form an exploit chain leading to unauthenticated remote code execution on vulnerable Telerik Report Servers. The warning came two days after Kheirkhah published a proof of concept for the chain on GitHub, which was followed almost immediately by exploitation attempts. The Shadowserver Foundation, a cybersecurity nonprofit, reported that it began observing exploitation attempts on June 5, primarily against instances in the U.S. and U.K.

According to Shadowserver, it recorded 89 exploitation attempts on June 5 against the 95 exposed instances it tracks, and it urged administrators to patch without delay. Progress credited Kheirkhah with discovering CVE-2024-4358 and Trend Micro's Zero Day Initiative with reporting CVE-2024-1800, which carries a critical CVSS score of 9.9.

To address the flaws, Progress advised users to upgrade Report Server to the fixed releases named in its advisory. Because a working proof of concept is public and scanning is already under way, an unpatched server reachable from the internet should be treated as a likely target; delaying the update risks unauthorized access and code execution on the affected host.

Kheirkhah's write-up details the chain step by step. The authentication bypass (CVE-2024-4358) lets an unauthenticated attacker create a user account with administrator privileges; the deserialization flaw (CVE-2024-1800), which requires an authenticated user, then gives that account code execution on the server. One practical consequence for defenders: the first step leaves behind a persistent administrator account, so patching alone does not evict an attacker who got in before the update. Administrators of servers that were exposed while unpatched should also review the Report Server user list for accounts they did not create.

Given the history of attacks on Progress and Telerik products, users are advised to take these vulnerabilities seriously and apply the patches promptly. Past flaws in these products have been used in significant breaches, including ransomware campaigns and exploitation by advanced persistent threat actors, and there is no reason to expect this chain to be treated differently.

Progress had not commented on the exploitation activity at the time of writing. Users should monitor the vendor's security advisories and apply fixes as soon as they are available; with a public proof of concept in circulation, the window between disclosure and mass exploitation is now measured in days.
