Telerik Report Server carried a high-severity vulnerability which allowed threat actors to compromise endpoints. It has since been patched, and Progress Software, the company behind the product, urged its users to apply the fix immediately.
Report Server is a popular platform for handling various reporting needs in an organization, providing tools for creating, storing, scheduling, and delivering reports in different formats.
According to Progress, the software had a deserialization of untrusted data vulnerability, which allowed threat actors to achieve remote code execution (RCE). It is tracked as CVE-2024-6327 and carries a base score of 9.9 (critical).
Not abused (yet)
Report Server 2024 Q2 (10.1.24.514) and earlier are impacted by the flaw, and the first patched version is 2024 Q2 (10.1.24.709).
“Updating to Report Server 2024 Q2 (10.1.24.709) or later is the only way to remove this vulnerability,” Progress said in a follow-up advisory. “The Progress Telerik team strongly recommends performing an upgrade to the latest version.” To check if you are vulnerable to attacks via the deserialization of untrusted data flaw, you should open up the Configuration page, select the About tab, and look for the version number. Those who are unable to apply the patch at this time should change the Report Server Application Pool user to one with limited permissions.
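An added example, not tooling from Progress or the original article, that turns the two advisory items above into a repeatable check: it compares the build number copied from the About tab against the first patched build, and inspects the IIS application pool identity that the interim mitigation asks administrators to restrict. The pool name `TelerikReportServer` is a placeholder assumption and must be replaced with the real one.

```powershell
# Added example: audit the version and app pool identity named in the advisory.
# Assumptions: the version text is pasted from Configuration > About, and the
# IIS application pool name below is a placeholder, not a known default.

$FirstPatchedVersion = [version]'10.1.24.709'   # first fixed build per Progress

function Test-ReportServerVersion {
    param([Parameter(Mandatory)][string]$AboutText)
    # Extract the dotted build number from strings such as "2024 Q2 (10.1.24.514)"
    if (-not ($AboutText -match '(\d+\.\d+\.\d+\.\d+)')) {
        throw "No build number found in '$AboutText'"
    }
    $installed = [version]$Matches[1]
    [pscustomobject]@{
        Installed  = $installed
        Vulnerable = ($installed -lt $FirstPatchedVersion)   # earlier than 10.1.24.709
    }
}

function Test-ReportServerAppPool {
    param([string]$PoolName = 'TelerikReportServer')   # placeholder name (assumption)
    Import-Module WebAdministration -ErrorAction Stop
    $pool = Get-Item "IIS:\AppPools\$PoolName" -ErrorAction Stop
    $identity = $pool.processModel.identityType
    # A deserialization RCE runs with the pool's rights; LocalSystem means full host
    # control, which is why the advisory asks for a limited account as a stopgap.
    [pscustomobject]@{
        Pool         = $PoolName
        IdentityType = $identity
        UserName     = $pool.processModel.userName
        HighRisk     = ($identity -eq 'LocalSystem')
    }
}

# Example run against the two version strings quoted in the article
Test-ReportServerVersion -AboutText '2024 Q2 (10.1.24.514)' | Format-Table   # Vulnerable: True
Test-ReportServerVersion -AboutText '2024 Q2 (10.1.24.709)' | Format-Table   # Vulnerable: False
# On the server itself (requires IIS and the WebAdministration module):
# Test-ReportServerAppPool -PoolName 'TelerikReportServer' | Format-Table
```

Run it from an elevated PowerShell session on the Report Server host; the version check works anywhere, the pool check only where IIS is installed.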
There are currently no reports of this vulnerability being exploited in the wild.
Progress Software became infamous following the major data leak incident that involved MOVEit, a managed file transfer (MFT) product. The cyberattack, which happened last year, affected thousands of organizations all over the world, resulted in numerous ransomware attacks, and even prompted the FBI to get involved.
MOVEit is a managed file transfer solution, generally used by SMBs and enterprises to share sensitive files securely. In late May last year, the company building the solution was tipped off about suspicious activity. A deeper investigation uncovered a major flaw in the software, which allowed threat actors abusing it to steal data from various endpoints. The attackers, a Russian ransomware actor named Cl0p, first said that at least a hundred companies were affected and had their data stolen. Cybersecurity experts Emsisoft claim more than 2,500 firms confirmed being affected by the breach, impacting more than 64 million people.
Via BleepingComputer