
Telerik Report Server Authentication Bypass Vulnerability

Description

Progress Telerik Report Server versions 2024 Q1 (10.0.24.305) and earlier contain an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent authentication controls and gain unauthorized access to the application. Successful exploitation enables attackers to access administrative functionality, create unauthorized user accounts, and interact with the Report Server as if they were legitimate authenticated users. This critical vulnerability requires no user interaction and can be exploited over the network without any prior authentication.

Remediation

Immediately upgrade to Progress Telerik Report Server version 2024 Q2 (10.1.24.514) or later, which contains patches for CVE-2024-4358. Follow these steps to remediate:

1. Verify Current Version: Check your installed Report Server version in the application settings or about page
2. Backup Data: Create a complete backup of your Report Server configuration and data before upgrading
3. Download Update: Obtain version 10.1.24.514 or later from the official Progress Telerik website
4. Apply Upgrade: Follow the vendor's upgrade documentation to install the patched version
5. Audit User Accounts: Review all user accounts for any unauthorized accounts created through exploitation and remove them immediately
6. Review Access Logs: Examine authentication and access logs for suspicious activity or unauthorized access attempts
7. Reset Credentials: Consider resetting passwords for all administrative accounts as a precautionary measure

If immediate patching is not possible, restrict network access to the Report Server to trusted IP addresses only and implement additional network-level authentication controls until the update can be applied.
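The following script is an added example for steps 1 and 5 above; it is not code from Progress Telerik or from this database. It assumes the installed version is read as a dotted build string (for instance from the about page, either as "10.0.24.305" or as "2024 Q1 (10.0.24.305)") and that the user list has been exported into a simple list of records with a username, a creation timestamp and an admin flag; the record shape, the sample accounts and the exposure window are all constructed for the example.

```python
"""Remediation helpers for CVE-2024-4358: a version check and an account audit.

Added example, not Telerik code. Version numbers come from the advisory; the
account record layout (username / created / admin) is an assumption.
"""
import re
from datetime import datetime, timezone

FIXED_VERSION = (10, 1, 24, 514)  # 2024 Q2, the first patched build per the advisory


def parse_version(text):
    """Extract a four-part build number such as 10.0.24.305 into a comparable tuple.

    Accepts the bare build or the marketing form '2024 Q1 (10.0.24.305)'.
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no dotted build number found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version_text):
    """True only when the installed build is 10.1.24.514 or later."""
    return parse_version(version_text) >= FIXED_VERSION


def flag_unexpected_accounts(accounts, baseline_usernames, exposure_start):
    """Return accounts that need review: not in the approved baseline, or created
    after exposure_start (the earliest time the unpatched server was reachable).

    Each finding is (username, is_admin, reasons); admin accounts are listed first
    because an attacker-created account with admin rights is the worst case.
    """
    findings = []
    for acct in accounts:
        reasons = []
        if acct["username"] not in baseline_usernames:
            reasons.append("not in baseline")
        if acct["created"] >= exposure_start:
            reasons.append("created during exposure window")
        if reasons:
            findings.append((acct["username"], bool(acct["admin"]), reasons))
    findings.sort(key=lambda f: (not f[1], f[0]))
    return findings


# Constructed sample data (not real accounts or dates) so the script runs offline.
SAMPLE_ACCOUNTS = [
    {"username": "admin", "created": datetime(2023, 3, 1, tzinfo=timezone.utc), "admin": True},
    {"username": "jsmith", "created": datetime(2023, 9, 12, tzinfo=timezone.utc), "admin": False},
    {"username": "svc_backup1", "created": datetime(2024, 6, 2, tzinfo=timezone.utc), "admin": True},
]
BASELINE_USERNAMES = {"admin", "jsmith"}
EXPOSURE_START = datetime(2024, 5, 1, tzinfo=timezone.utc)


def audit_report(installed_version, accounts, baseline, exposure_start):
    """Combine both checks into one summary a responder can act on."""
    return {
        "patched": is_patched(installed_version),
        "accounts_to_review": flag_unexpected_accounts(accounts, baseline, exposure_start),
    }


if __name__ == "__main__":
    report = audit_report("2024 Q1 (10.0.24.305)", SAMPLE_ACCOUNTS, BASELINE_USERNAMES, EXPOSURE_START)
    print("patched:", report["patched"])
    for username, is_admin, reasons in report["accounts_to_review"]:
        print(f"review {username} (admin={is_admin}): {', '.join(reasons)}")
```

The version comparison deliberately tests against the first fixed build rather than the last affected one, so any intermediate or unfamiliar build below 10.1.24.514 is reported as unpatched. The baseline set should come from a change-controlled source (a ticketing export or an earlier backup), not from the possibly compromised server itself.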
