AMARU would like to draw your attention to CVE-2024-4358 and CVE-2024-1800, which affect Progress Telerik Report Server. Chaining these two vulnerabilities can lead to unauthenticated remote code execution on vulnerable servers. We are aware of a publicly available proof of concept (PoC).
CVE-2024-4358 is an authentication bypass vulnerability that can allow an unauthenticated attacker to access restricted Telerik Report Server functionality.
CVE-2024-1800 is an insecure deserialisation vulnerability that can lead to remote code execution.
AMARU encourages organisations in New Zealand that use the affected product to review the vendor advisory, check impacted devices for evidence of exploitation and compromise, and apply the patches as soon as possible.
If your organisation has seen, or sees, evidence of compromise related to CVE-2024-4358 and CVE-2024-1800, please contact us at [email protected].