Description Preview
In Progress Telerik Report Server versions 2024 Q1 (10.0.24.305) and earlier, deployed on IIS, an unauthenticated attacker can exploit an authentication bypass vulnerability. This flaw allows attackers to gain unauthorized access to restricted functionalities of the Telerik Report Server, potentially leading to significant impacts on confidentiality, integrity, and availability.
Overview
- CVE ID: CVE-2024-4358
- Vendor: Progress Software Corporation
- Product: Telerik Report Server
- Affected Versions: Versions earlier than 10.1.24.514
- Impact: The vulnerability has a CVSS score of 9.8, classified as critical, indicating high risk due to potential unauthorized access to sensitive functionalities without requiring any privileges or user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
Remediation
To mitigate the risks associated with CVE-2024-4358, users of Telerik Report Server should:
- Upgrade to version 10.1.24.514 or later, which addresses the authentication bypass vulnerability.
- Review and implement security best practices for web applications, including proper authentication mechanisms and access controls.
- Monitor for any unusual activity or unauthorized access attempts on the Telerik Report Server.
References
- Official Documentation: Telerik Report Server Knowledge Base - Registration Authentication Bypass CVE-2024-4358
- CISA Known Exploited Vulnerabilities: CISA KEV Feed
Early Warning
Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.
- Armis Alert Date
- May 29, 2024
- CISA KEV Date
- Jun 13, 2024
15days early
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Public AdministrationPublic Administration: Low
- Accommodation & Food ServicesAccommodation & Food Services: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Low
- ConstructionConstruction: Low
- Educational ServicesEducational Services: Low
- Finance and InsuranceFinance and Insurance: Low
- Health Care & Social AssistanceHealth Care & Social Assistance: Low
- InformationInformation: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- ManufacturingManufacturing: Low
- MiningMining: Low
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- Retail TradeRetail Trade: Low
- Transportation & WarehousingTransportation & Warehousing: Low
- UtilitiesUtilities: Low
- Wholesale TradeWholesale Trade: Low
