Tech Stack: Progress Telerik Report Server on IIS
Date(s) Issued: Published: 05/29/2024; Last Modified: 11/21/2024
Criticality: CVSS v3 Score: 9.8 – CRITICAL
Overview: CVE-2024-4358 is a critical authentication bypass vulnerability affecting Progress Telerik Report Server versions 2024 Q1 (10.0.24.305) and earlier. This flaw allows unauthenticated attackers to gain access to restricted functionalities of the Report Server by exploiting improper validation mechanisms. When combined with CVE-2024-1800, an insecure deserialization vulnerability, attackers can achieve remote code execution, leading to full system compromise.
Solution/Mitigation:
- Upgrade:
- Telerik Report Server Version: Upgrade to version 2024 Q2 (10.1.24.514) or later. This release fixes both CVE-2024-4358 (authentication bypass) and CVE-2024-1800 (insecure deserialization). (Telerik Documentation)
- Temporary Mitigation:
- URL Rewrite Rule: If immediate upgrading is not feasible, implement a URL Rewrite rule in IIS to block access to the vulnerable endpoint:
- Install URL Rewrite Module: Ensure the URL Rewrite module is installed in IIS.
- Configure Rule:
- Open IIS Manager and select the Telerik Report Server site.
- Navigate to the URL Rewrite module.
- Add a new ‘Request Blocking’ rule.
- Set “Block Access Based On” to “URL Path.”
- Enter the pattern: startup/register
- Apply the rule to block unauthorized access. (Telerik Documentation)
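As an added example (not taken from the Telerik advisory), the web.config fragment below is the hand-written equivalent of the Request Blocking rule configured through IIS Manager above: placed inside system.webServer of the Report Server site, it answers HTTP 403 to any request whose path contains startup/register. The rule name is a constructed value; the IIS URL Rewrite module must be installed for the rewrite section to be recognised.

```xml
<!-- Added example: IIS URL Rewrite request-blocking rule for the endpoint
     named in the CVE-2024-4358 mitigation. Place inside
     <configuration><system.webServer> of the Report Server site's web.config.
     Requires the IIS URL Rewrite module. The rule name is a constructed value. -->
<rewrite>
  <rules>
    <rule name="BlockTelerikStartupRegister" stopProcessing="true">
      <!-- ECMAScript regex, unanchored: matches any request path that contains
           "startup/register" (case-insensitive), including trailing-slash variants. -->
      <match url="startup/register" ignoreCase="true" />
      <!-- Stop processing and return 403 instead of forwarding the request
           to the Report Server application. -->
      <action type="CustomResponse"
              statusCode="403"
              statusReason="Forbidden"
              statusDescription="Endpoint blocked pending upgrade to Telerik Report Server 2024 Q2 (10.1.24.514) or later." />
    </rule>
  </rules>
</rewrite>
```

After the rule is in place, an unauthenticated request to /startup/register should receive a 403 while the rest of the site keeps working; that is the behaviour to confirm in the Verification step below.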
- Review User Accounts:
- Examine the list of users in your Report Server for any unauthorized accounts that may have been created through this vulnerability. Remove any suspicious accounts immediately. (Telerik Documentation)
- Monitor for Indicators of Compromise (IoCs):
- Regularly review server logs for unusual activities, such as unexpected administrative actions or the creation of new user accounts. Implement intrusion detection systems to alert on potential exploitation attempts.
- Apply Principle of Least Privilege:
- Ensure that user accounts have the minimum necessary permissions to perform their tasks. Restrict administrative privileges to trusted personnel only.
Confirmation & Additional Information:
- Verification: After applying the upgrade or mitigation, test the Report Server to confirm that unauthorized access is no longer possible. Attempt to access restricted functionalities without authentication to ensure the vulnerability has been addressed.
- Stay Updated: Regularly check for updates and security advisories from Progress Telerik to ensure your Report Server remains secure. Subscribe to their notifications for the latest information.
- Official Resources:
- Progress Telerik Security Advisory: Telerik Documentation
- National Vulnerability Database Entry: NIST National Vulnerability Database