CVE-2024-4358:
CVE-2024-4358 is a remote authentication bypass vulnerability in Progress Telerik Report Server for Windows (IIS) that affects versions prior to 10.1.24.514, allowing an unauthenticated attacker to access restricted Telerik Report Server functionality.
Score
A numerical rating that indicates how dangerous this vulnerability is.
9.8 Critical
- Published Date: May 29, 2024
- CISA KEV Date: Jun 13, 2024
- Industries Affected: 20
Threat Predictions
- EPSS Score: 94.4
- EPSS Percentile: 100%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
Progress Telerik Report Server on Windows IIS contains an authentication bypass that lets unauthenticated remote attackers reach restricted server functionality without valid credentials. The flaw affects versions older than 10.1.24.514 and carries a critical severity: it can compromise confidentiality, integrity, and availability over the network, with low attack complexity and no privileges or user interaction required. It aligns with documented authentication-bypass patterns (CWE-290) and is tracked in vulnerability feeds and vendor advisories.
Remediation
- Upgrade to Telerik Report Server version 10.1.24.514 or newer. Apply the vendor-provided patch or upgrade package from Progress/Telerik and verify the installation after the update.
- If immediate upgrading is not possible, implement compensating controls:
  - Restrict unauthenticated access to the Telerik Report Server by configuring IIS to require authentication for the application, and limit access to trusted networks or VPNs.
  - Implement a web application firewall (WAF) rule or network ACLs to block attempts to reach the authentication/registration endpoints.
  - Disable or tightly control any registration/authentication bypass functionality exposed to the internet, and audit related endpoints for exposure.
- Strengthen authentication and monitoring:
  - Enforce strong authentication for users and service accounts; enable detailed access and audit logging.
  - Monitor logs for anomalous authentication attempts and rapid access to restricted features; set up alerts for unusual login activity.
  - Rotate credentials if there is any concern of credential exposure.
- Validate remediation:
  - After applying the patch or mitigations, re-scan the environment and perform functional testing to confirm that restricted functionality cannot be accessed without proper authentication.
  - Test in a staging environment before rolling out to production.
- Documentation and coordination:
  - Review vendor security notices and ensure your change management tickets reflect the remediation.
  - Maintain contact with the vendor for any additional hotfixes or guidance.
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.
- Armis Alert Date: Jun 4, 2024
- CISA KEV Date: Jun 13, 2024
- Days Early: 15 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.