{"id":2051,"date":"2024-06-11T04:35:30","date_gmt":"2024-06-11T04:35:30","guid":{"rendered":"https:\/\/amaru.co.nz\/fj\/?post_type=threat-intelligence&#038;p=2051"},"modified":"2024-07-12T00:11:44","modified_gmt":"2024-07-12T00:11:44","slug":"vulnerability-alert-cve-2024-4358-and-cve-2024-1800-affecting-progress-telerik-report-servers","status":"publish","type":"threat-intelligence","link":"https:\/\/amaru.co.nz\/fj\/blog\/threat-intelligence\/vulnerability-alert-cve-2024-4358-and-cve-2024-1800-affecting-progress-telerik-report-servers\/","title":{"rendered":"Vulnerability Alert: CVE-2024-4358 and CVE-2024-1800 affecting Progress Telerik Report Servers"},"content":{"rendered":"<p class=\"wordsection1\"><span lang=\"EN-US\">AMARU would like to draw your attention to CVE-2024-4358 and CVE-2024-1800 affecting Progress Telerik Report Servers. The chaining of these two vulnerabilities can lead to unauthenticated remote code execution on vulnerable servers. We are aware of a publicly available proof of concept (PoC). <\/span><\/p>\n<p class=\"wordsection1\"><span lang=\"EN-US\">CVE-2024-4358 can allow an unauthenticated attacker to gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.<\/span><span lang=\"EN-US\">\u00a0<\/span><\/p>\n<p class=\"wordsection1\"><span lang=\"EN-US\">CVE-2024-1800 can lead to remote code execution through an insecure deserialisation vulnerability.<\/span><\/p>\n<p class=\"wordsection1\"><span lang=\"EN-US\">AMARU encourages organisations in New Zealand that use the affected product to review the <\/span><span lang=\"EN-NZ\"><a title=\"https:\/\/docs.telerik.com\/report-server\/knowledge-base\/registration-auth-bypass-cve-2024-4358\" href=\"https:\/\/docs.telerik.com\/report-server\/knowledge-base\/registration-auth-bypass-cve-2024-4358\" data-outlook-id=\"c8d0281b-8ede-4bf4-86bd-6f39f275bec0\">vendor advisory<\/a><\/span><span lang=\"EN-US\">, check impacted devices for evidence of exploitation and compromise, and apply the patches as soon as possible.\u00a0 <\/span><\/p>\n<p class=\"wordsection1\"><span lang=\"EN-NZ\">If your organisation has seen or does see evidence of compromise related to <\/span><span lang=\"EN-US\">CVE-2024-4358 and CVE-2024-1800<\/span><span lang=\"EN-NZ\">, please contact us at hello@amaru.co.nz\/fj\u00a0<\/span><\/p>\n","protected":false},"featured_media":2055,"template":"","class_list":["post-2051","threat-intelligence","type-threat-intelligence","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/amaru.co.nz\/fj\/wp-json\/wp\/v2\/threat-intelligence\/2051","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/amaru.co.nz\/fj\/wp-json\/wp\/v2\/threat-intelligence"}],"about":[{"href":"https:\/\/amaru.co.nz\/fj\/wp-json\/wp\/v2\/types\/threat-intelligence"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/amaru.co.nz\/fj\/wp-json\/wp\/v2\/media\/2055"}],"wp:attachment":[{"href":"https:\/\/amaru.co.nz\/fj\/wp-json\/wp\/v2\/media?parent=2051"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}