A critical vulnerability related to authentication bypass in the Progress Telerik Report Server has been discovered, with the CVE code CVE-2024-4358 assigned to it. This vulnerability affects Telerik Report Server 2024 Q1 (10.0.24.305) and earlier versions. The severity of this vulnerability has been rated as 9.8, making it a critical issue that requires immediate attention.

Progress, the company behind Telerik Report Server, has taken steps to address this vulnerability in the latest versions of the software. A security advisory has been released to inform users about the vulnerability and the necessary steps to mitigate the risk. It is crucial for users of the Telerik Report Server to update to the latest version, Report Server 2024 Q2 (10.1.24.514) or later, to protect their systems from potential exploitation.

According to reports shared with Cyber Security News, exploiting this vulnerability could allow an unauthorized threat actor to access restricted functionalities of the Telerik Report Server through spoofing. While there have been no reported incidents of this vulnerability being exploited in the wild, users are advised to review the list of local users on the server to ensure that there are no unauthorized accounts present. The presence of additional users could indicate a potential exploitation of the server.

Although further details about this vulnerability are yet to be published, it is clear that the only way to resolve this issue is by updating the Telerik Report Server to the latest version. Sina Kheirkhah of the Summoning Team, working with Trend Micro Zero Day Initiative, was credited with reporting this vulnerability, highlighting the collaborative efforts in the cybersecurity community to identify and address such issues.

In light of this discovery, users of the Progress Telerik Report Server are strongly recommended to upgrade their systems to the latest versions promptly. By doing so, they can safeguard their data and systems from potential threats and exploits that could arise from this critical vulnerability.

As cybersecurity threats continue to evolve, it is essential for organizations to stay vigilant and proactive in maintaining the security of their systems and software. By staying informed about potential vulnerabilities and promptly applying updates and patches, users can mitigate risks and protect their sensitive information from falling into the wrong hands.

In conclusion, the discovery of the authentication bypass vulnerability in the Progress Telerik Report Server underscores the importance of regular software updates and security measures in safeguarding against cyber threats. Users are encouraged to follow the recommendations provided by Progress and other cybersecurity experts to ensure the integrity and security of their systems.

Source link