Exploit for critical Progress Telerik auth bypass released, patch now

Industry news
Post Reply
rbc
President
Posts: 291
Joined: Mon Oct 30, 2023 1:32 am
Location: Vicksburg, MS
ISC2 Member Status: Yes
Contact:

Exploit for critical Progress Telerik auth bypass released, patch now

Post by rbc »

Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.

The Telerik Report Server is an API-powered end-to-end encrypted report management solution organizations use to streamline the creation, sharing, storage, distribution, and scheduling of reports.

Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
[...]
Exploit for critical Progress Telerik auth bypass released, patch now
Robert B. Carleton + ISC2 Central Mississippi President
Post Reply