CyberSecurity SEE

Progress resolves critical RCE vulnerability in Telerik Report Server, immediate upgrade required (CVE-2024-6327)

Progress Software has addressed a critical vulnerability in its Telerik Report Server product, tracked as CVE-2024-6327, and is advising all users to upgrade promptly. If left unpatched, the flaw could allow a malicious actor to execute code remotely on the affected server.

Telerik Report Server is an essential enterprise tool used for storing, creating, managing, and viewing reports in both web and desktop applications. The specific vulnerability, CVE-2024-6327, is categorized as an insecure deserialization vulnerability, which, when combined with CVE-2024-6096, an insecure type resolution vulnerability affecting Telerik Reporting, poses a significant security risk to users.

CVE-2024-6096 enables attackers to conduct object injection attacks, as highlighted in the report submitted by Markus Wulftange from CODE WHITE GmbH. Fortunately, both vulnerabilities have already been addressed by Progress Software, who made a public disclosure regarding their existence.

To mitigate the risk, customers are strongly advised to upgrade to the latest versions of the affected software. Specifically, users should upgrade to Telerik Reporting 2024 Q2 (v18.1.24.709) to eliminate CVE-2024-6096, and to Telerik Report Server 2024 Q2 (v10.1.24.709) or newer to address CVE-2024-6327.

In cases where an immediate upgrade is not feasible, Progress Software recommends that users implement temporary mitigation measures. One such measure is to change the user account under which the Report Server Application Pool runs to a profile with limited permissions.
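The two remediation paths above, the version upgrade and the application-pool identity change, can both be verified from an administrator's PowerShell session. The following is an added example written for this article; it is not code from Progress Software or from the Telerik Report Server product. It uses the fixed version numbers stated above and the standard IIS WebAdministration module. The pool name, the assembly path and the sample "installed" version strings are placeholders or constructed values, not identifiers from the advisory.

```powershell
# Added example (not from the Progress advisory): post-patch version check for
# the two fixed versions named in the article, plus an audit and optional
# hardening of the IIS application pool identity that Progress names as the
# interim mitigation. Requires an elevated session on the IIS host with the
# WebAdministration module available.

# Fixed versions stated in the advisory; anything lower is affected.
$FixedVersions = @{
    'Telerik Reporting'     = [version]'18.1.24.709'   # closes CVE-2024-6096
    'Telerik Report Server' = [version]'10.1.24.709'   # closes CVE-2024-6327
}

function Test-TelerikVersionFixed {
    # Compares an installed version string against the fixed version for the
    # named product. [version] is used instead of string comparison so that a
    # future '10.1.24.1000' correctly sorts above '10.1.24.709'.
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Telerik Reporting', 'Telerik Report Server')]
        [string]$Product,
        [Parameter(Mandatory)][string]$InstalledVersion
    )
    $installed = [version]$InstalledVersion
    $fixed     = $FixedVersions[$Product]
    [pscustomobject]@{
        Product   = $Product
        Installed = $installed
        Fixed     = $fixed
        Patched   = ($installed -ge $fixed)
    }
}

# The installed version is normally read from the file version of a Report
# Server assembly. The path below is a PLACEHOLDER, not a path from the advisory:
#   $ver = (Get-Item 'C:\PLACEHOLDER\ReportServer.dll').VersionInfo.FileVersion
# Constructed sample values for illustration:
Test-TelerikVersionFixed -Product 'Telerik Report Server' -InstalledVersion '10.1.24.709'   # Patched: True
Test-TelerikVersionFixed -Product 'Telerik Report Server' -InstalledVersion '10.0.24.305'   # Patched: False

function Get-ReportServerPoolIdentity {
    # Reports which account the pool's worker process (w3wp.exe) runs as.
    # identityType is returned by name: LocalSystem, LocalService,
    # NetworkService, SpecificUser or ApplicationPoolIdentity.
    param([Parameter(Mandatory)][string]$PoolName)
    Import-Module WebAdministration
    $pm = Get-ItemProperty -Path "IIS:\AppPools\$PoolName" -Name processModel
    [pscustomobject]@{
        Pool          = $PoolName
        IdentityType  = $pm.identityType
        UserName      = $pm.userName                     # set only for SpecificUser
        HighPrivilege = ($pm.identityType -eq 'LocalSystem')
    }
}

function Set-ReportServerPoolIdentity {
    # Moves the pool onto a limited account. With no credential the built-in
    # ApplicationPoolIdentity virtual account is used; otherwise the supplied
    # dedicated low-privilege account is configured.
    param(
        [Parameter(Mandatory)][string]$PoolName,
        [pscredential]$Credential
    )
    Import-Module WebAdministration
    $path = "IIS:\AppPools\$PoolName"
    if ($Credential) {
        # processModel.identityType 3 = SpecificUser
        Set-ItemProperty -Path $path -Name processModel -Value @{
            identityType = 3
            userName     = $Credential.UserName
            password     = $Credential.GetNetworkCredential().Password
        }
    } else {
        # processModel.identityType 4 = ApplicationPoolIdentity
        Set-ItemProperty -Path $path -Name processModel -Value @{ identityType = 4 }
    }
    Restart-WebAppPool -Name $PoolName
    Get-ReportServerPoolIdentity -PoolName $PoolName
}

# Usage (pool name is a placeholder; confirm it in IIS Manager first):
# Get-ReportServerPoolIdentity -PoolName 'PLACEHOLDER_ReportServerPool'
# Set-ReportServerPoolIdentity -PoolName 'PLACEHOLDER_ReportServerPool'
```

Audit first with `Get-ReportServerPoolIdentity`: a pool reporting `LocalSystem` is the case the mitigation is aimed at, because code executed through the deserialization flaw would inherit that account's privileges. Whichever limited account is chosen must still be granted read and write access to the folders the Report Server uses, so the change should be tested on a non-production instance before it is rolled out; the mitigation reduces the impact of exploitation but does not remove the vulnerability, and the upgrade remains required.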

While there have been no reported incidents of the vulnerabilities being exploited in the wild, it is crucial for users to remain vigilant and proactive in securing their systems. Progress Software has a history of being targeted by malicious actors, as evidenced by past incidents involving their software solutions.

For instance, ransomware attackers have previously exploited a zero-day vulnerability in Progress Software’s MOVEit file transfer solution, resulting in severe consequences. Furthermore, vulnerabilities in Progress Software’s Telerik UI component library have been leveraged by attackers to install web shells, underscoring the importance of timely software updates.

Just last month, the Shadowserver Foundation detected exploitation attempts targeting CVE-2024-4358 in conjunction with CVE-2024-1800, allowing threat actors to achieve unauthenticated remote code execution on Progress Telerik Report Servers. These incidents serve as a stark reminder of the ongoing threat landscape and the criticality of maintaining up-to-date software versions.

In conclusion, it is imperative for users of Progress Software’s Telerik Report Server solution to heed the company’s recommendations and promptly upgrade their systems to safeguard against potential security risks. By staying proactive and vigilant, users can enhance the resilience of their systems and protect against potential cyber threats.
