Critical RCE Flaw in Telerik Report Server – Immediate Update Required
1. CVE-2024-6327 affects Progress Telerik Report Server version 2024 Q2 (10.1.24.514) and earlier, allowing remote code execution.
2. The vulnerability stems from insecure deserialization, enabling attackers to execute unauthorized commands.
3. The issue has been fixed in version 10.1.24.709; users should update immediately.
4. As a temporary mitigation, limit the permissions of the Report Server Application Pool user.
5. Admins can verify their version via the Report Server web UI under Configuration > About.
6. This follows another recent critical flaw, CVE-2024-4358, patched in June, which allowed rogue admin creation.
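A small triage helper, added here as an example rather than anything from Progress or the advisory: it takes the version string an admin reads under Configuration > About and classifies it against the thresholds stated above (10.1.24.514 and earlier affected, 10.1.24.709 fixed). Hostnames and the version strings in the inventory are constructed sample data.

```python
"""Classify Telerik Report Server versions for CVE-2024-6327 triage.

Added example, not vendor code. Thresholds come from the advisory text;
the inventory below is constructed sample data, not real hosts.
"""
from __future__ import annotations

AFFECTED_MAX = (10, 1, 24, 514)   # 2024 Q2 build, last affected version per the advisory
FIXED_MIN = (10, 1, 24, 709)      # first build carrying the fix per the advisory


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '10.1.24.514' into (10, 1, 24, 514); reject anything non-numeric.

    Numeric tuples are compared, not strings: as plain strings,
    '9.2.23.1010' sorts *after* '10.1.24.709', which would mark an old
    build as patched.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'review' for one version string."""
    v = parse_version(version)
    if v <= AFFECTED_MAX:
        return "vulnerable"
    if v >= FIXED_MIN:
        return "patched"
    # Builds between the last affected and the first fixed version are not
    # covered by the advisory; flag them for a manual check rather than guess.
    return "review"


# Constructed inventory: hostname -> version shown under Configuration > About
SAMPLE_INVENTORY = {
    "reports-01": "10.1.24.514",   # 2024 Q2 build, needs the update
    "reports-02": "10.1.24.709",   # already on the fixed build
    "reports-03": "9.2.23.1010",   # older release, also affected
}


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each host to its CVE-2024-6327 status."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```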
#cve20246327 #cve20244358 #telerik #progresssoftware #remotecodeexecution #cybersecurity #vulnerability #infosec #patchnow #deserializationflaw #technews #cisa #kevinhart