Alert!

CISA warns of attacks on Progress Telerik Report Server

Attackers are exploiting a security vulnerability in Progress Telerik Report Server that allows authentication to be bypassed.

Access Denied sign in front of servers

(Image: vectorfusionart/Shutterstock.com)


The US cybersecurity agency CISA warns of observed attacks on Progress Telerik Report Server. The critical vulnerability allows authentication to be bypassed.

CISA has added the vulnerability to its Known Exploited Vulnerabilities catalogue, which is how the agency flags flaws that are being attacked in the wild. As usual, it says nothing about who is behind the attacks or how widespread they are.

Progress disclosed the vulnerability at the end of May. Unauthenticated attackers with network access to the server can reach restricted functions of Telerik Report Server without logging in. The root cause is an authentication bypass whose details Progress has not published (CVE-2024-4358, CVSS 9.8, risk "critical").


Telerik Report Server versions up to and including 2024 Q1 (10.0.24.305) are affected. The fix ships in version 2024 Q2 (10.1.24.514), and administrators should install it immediately. Where that is not yet possible, Progress describes a temporary mitigation in its advisory: URL rewrite rules on the web server can block access to the vulnerable endpoint. Such a rule is a stopgap that reduces exposure until the update is applied; it does not replace the update.
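As an added illustration (not code from the article or from Progress), here is what such a mitigation rule looks like in the syntax of the IIS URL Rewrite module, which is where a Telerik Report Server site hosted on IIS would carry it. The path pattern `Startup/Register` is an assumption on my part: the article does not name the affected endpoint, so confirm the exact pattern against Progress's advisory for your version before deploying it.

```xml
<!-- Added example, not vendor code: web.config of the Telerik Report Server site.
     Requires the IIS URL Rewrite module to be installed. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Assumed path pattern (not named in the article): block every request
             whose path begins with Startup/Register, regardless of method or
             query string, before the application sees it. -->
        <rule name="Block Report Server registration endpoint" stopProcessing="true">
          <match url="^Startup/Register" ignoreCase="true" />
          <!-- Answer with 403 rather than dropping the connection so the attempt
               still shows up in the IIS logs with a clear status code. -->
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Blocked by CVE-2024-4358 mitigation rule" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

After adding the rule, verify it from an unauthenticated client: a request to the blocked path must return 403 while the login page and existing report URLs still work, and the 403 entries in the IIS log give you a cheap indicator of probing while you schedule the update.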

The US IT security experts also warn that a security vulnerability in Google's Pixel smartphones is also under attack. However, this already became known shortly before the weekend. Here too, those affected should download and install the updates provided by Google immediately.

In addition, malicious actors have been observed abusing a vulnerability in the Windows Error Reporting Service to escalate their privileges. CVE-2024-26169 has a CVSS score of 7.8, giving it a "high" risk rating. Microsoft patched it with the March 2024 updates. It affects all supported Windows versions from Windows 10 desktop editions to Server 2022, on both x86 and ARM systems.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.