CVE-2024-1800

critical

Description

In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.

From the Tenable Blog

CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server

Published: 2024-06-04

Researchers have released an exploit chain to achieve remote code execution on unpatched instances of Progress Telerik Report Server. Immediate patching is recommended.

References

https://www.helpnetsecurity.com/2024/07/26/cve-2024-6327/

https://www.tenable.com/blog/cve-2024-4358-cve-2024-1800-exploit-code-available-for-critical-exploit-chain

https://www.bleepingcomputer.com/news/security/exploit-for-critical-progress-telerik-auth-bypass-released-patch-now/

https://www.telerik.com/report-server

https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800

Details

Source: Mitre, NVD

Published: 2024-03-20

Updated: 2024-03-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical