CVE affecting Progress Telerik Report Servers


12:00pm, 5 June 2024

TLP Rating: Clear


The NCSC would like to draw your attention to CVE-2024-4358 and CVE-2024-1800 affecting Progress Telerik Report Servers. The chaining of these two vulnerabilities can lead to unauthenticated remote code execution on vulnerable servers. The NCSC is aware of a publicly available proof of concept (PoC).

CVE-2024-4358 can allow an unauthenticated attacker to gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

CVE-2024-1800 can lead to remote code execution through an insecure deserialisation vulnerability.
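To make the weakness class named above concrete, the following C# snippet is an added illustration written for this advisory; it is not Telerik's code and does not reproduce the CVE-2024-1800 flaw. It contrasts the generic insecure-deserialisation pattern (a runtime formatter rebuilding whatever type an untrusted payload names) with a hardened alternative bound to a single data-only type. The `ReportSettings` type, the `SettingsLoader` class and the request payload are assumptions for the example.

```csharp
// Added illustration, not Telerik's code: the generic insecure-deserialisation
// pattern beside a hardened form. ReportSettings and SettingsLoader are
// hypothetical names; "untrusted" is a request body the server did not author.
using System;
using System.IO;
using System.Text.Json;
using System.Text.Json.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

public sealed class ReportSettings
{
    public string Name { get; set; } = "";
    public int PageSize { get; set; }
}

public static class SettingsLoader
{
    // WEAK pattern: BinaryFormatter instantiates the types the payload names
    // and runs their deserialisation callbacks, so an attacker-controlled
    // stream controls which code executes. The SYSLIB0011 warning is .NET's
    // own signal that this API must not be fed untrusted input.
    public static ReportSettings LoadInsecure(byte[] untrusted)
    {
        var formatter = new BinaryFormatter();
        using var ms = new MemoryStream(untrusted);
#pragma warning disable SYSLIB0011
        return (ReportSettings)formatter.Deserialize(ms);
#pragma warning restore SYSLIB0011
    }

    // HARDENED pattern: a data-only format deserialised into one fixed target
    // type. System.Text.Json never resolves a type name from the payload, and
    // the options reject unexpected members and deep nesting; the business
    // bounds check runs before the object is used.
    public static ReportSettings LoadSafe(byte[] untrusted)
    {
        var options = new JsonSerializerOptions
        {
            MaxDepth = 16,
            PropertyNameCaseInsensitive = true,
            // Available from .NET 8: unknown properties are an error, not ignored.
            UnmappedMemberHandling = JsonUnmappedMemberHandling.Disallow,
        };

        var settings = JsonSerializer.Deserialize<ReportSettings>(untrusted, options)
                       ?? throw new InvalidDataException("empty payload");

        if (string.IsNullOrWhiteSpace(settings.Name) || settings.Name.Length > 128)
            throw new InvalidDataException("Name missing or too long");
        if (settings.PageSize < 1 || settings.PageSize > 1000)
            throw new InvalidDataException("PageSize out of range");

        return settings;
    }
}
```

The defensive takeaway is the one the advisory's mitigation implies: a patch removes the reachable formatter, but a code base that still accepts runtime-typed serialisation formats from the network remains exposed to the same class of bug, so reviewers should search for `BinaryFormatter`, `NetDataContractSerializer`, `SoapFormatter` and `TypeNameHandling` settings other than `None` on any request-handling path.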

The NCSC encourages organisations in New Zealand that use the affected product to review the vendor advisory, check impacted devices for evidence of exploitation and compromise, and apply the patches as soon as possible.

If your organisation has seen or does see evidence of compromise related to CVE-2024-4358 and CVE-2024-1800, please contact ncscincidents@ncsc.govt.nz.