Exploit for critical Progress Telerik auth bypass released, patch now
Posted: Mon Jun 03, 2024 9:03 pm
Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.
The Telerik Report Server is an API-powered end-to-end encrypted report management solution organizations use to streamline the creation, sharing, storage, distribution, and scheduling of reports.
Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
[...]
Exploit for critical Progress Telerik auth bypass released, patch now
The Telerik Report Server is an API-powered end-to-end encrypted report management solution organizations use to streamline the creation, sharing, storage, distribution, and scheduling of reports.
Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
[...]
Exploit for critical Progress Telerik auth bypass released, patch now