Progress Telerik Report Server Insecure Deserialization Vulnerability (CVE-2024-6327)

Progress addressed a critical severity vulnerability impacting the Telerik Report Server. Tracked as CVE-2024-6327, the vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to complete system compromise. The vulnerability originates from an insecure deserialization flaw.

Telerik Report Server is an end-to-end report management solution that helps transform raw data into actionable business insights and then stores and distributes these insights within the business.

Affected Versions

The vulnerability impacts Telerik Report Server versions before 10.1.24.709. 

Mitigation

Customers must upgrade to Telerik Report Server version 10.1.24.709 or later to remediate the vulnerability.

For more information, please refer to the Progress Telerik Security Advisory.

Temporary Mitigation

Users can temporarily mitigate the vulnerability by changing the Report Server Application Pool user to one with limited permissions.

Please refer to the How To Change IIS User for Report Server KB article for more information.
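The following PowerShell is an added example, not code from the Progress advisory or the Qualys post: it checks an installed version string against the fixed release named above and audits (and, if needed, changes) the identity of the IIS application pool serving Report Server. It assumes the WebAdministration module is available in an elevated session on the IIS host; the application pool name and service account are placeholders that must be replaced with the real values.

```powershell
# Added example (not from the Progress advisory or the Qualys post).
# Assumptions: WebAdministration module present, run elevated on the IIS host,
# and $AppPoolName replaced with the pool that actually hosts Report Server.

Import-Module WebAdministration

$FixedVersion = [version]'10.1.24.709'   # first fixed release per the advisory
$AppPoolName  = 'TelerikReportServer'     # PLACEHOLDER: use the real pool name

function Test-ReportServerVulnerable {
    param([Parameter(Mandatory)][string]$InstalledVersion)
    # Versions before 10.1.24.709 are affected.
    return ([version]$InstalledVersion -lt $FixedVersion)
}

function Get-AppPoolIdentityRisk {
    param([Parameter(Mandatory)][string]$Name)
    $pm = Get-ItemProperty -Path "IIS:\AppPools\$Name" -Name processModel
    # A pool running as SYSTEM (or a built-in service account) gives an
    # insecure-deserialization exploit far more reach than a dedicated
    # low-privilege user, which is what the interim mitigation relies on.
    $risk = switch ($pm.identityType) {
        'LocalSystem'             { 'HIGH: runs as SYSTEM' }
        'NetworkService'          { 'MEDIUM: built-in service account' }
        'LocalService'            { 'MEDIUM: built-in service account' }
        'ApplicationPoolIdentity' { 'LOW: per-pool virtual account' }
        'SpecificUser'            { "REVIEW: $($pm.userName) - confirm it is a limited account" }
        default                   { "UNKNOWN: $($pm.identityType)" }
    }
    [pscustomobject]@{
        AppPool      = $Name
        IdentityType = $pm.identityType
        UserName     = $pm.userName
        Risk         = $risk
    }
}

function Set-AppPoolLimitedUser {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][securestring]$Password
    )
    # Interim measure only: the fix is upgrading to 10.1.24.709 or later.
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    Set-ItemProperty -Path "IIS:\AppPools\$Name" -Name processModel -Value @{
        identityType = 'SpecificUser'
        userName     = $UserName
        password     = $plain
    }
    Restart-WebAppPool -Name $Name
}

# Usage: report the current state; uncomment the last line to remediate.
Test-ReportServerVulnerable -InstalledVersion '10.0.24.305'   # True (constructed sample)
Get-AppPoolIdentityRisk -Name $AppPoolName | Format-List
# Set-AppPoolLimitedUser -Name $AppPoolName -UserName 'DOMAIN\svc_reportserver' -Password (Read-Host -AsSecureString 'Password')
```

The risk labels are the example's own classification, not Progress's; the point is that the temporary mitigation only reduces impact if the replacement account has no more rights on the host than Report Server needs, so the audit output should be reviewed before and after the change.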

Qualys Detection

Qualys customers can detect whether their servers are vulnerable by launching a Qualys Web Application Scanning (WAS) or Vulnerability Management (VM) scan.

Qualys customers can scan their devices with QIDs 731672 and 152046 to detect vulnerable assets.

  • QID 731672: Progress Telerik Report Server Insecure Deserialization Vulnerability
  • QID 152046: Progress Telerik Report Server Insecure Deserialization Vulnerability (CVE-2024-6327)

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327
