
Exploit for Progress Telerik Report Server < 10.0.24.305 - Authentication Bypass (CVE-2024-4358)

Description:

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
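A defender's first question for an advisory like this is which deployed builds fall inside the stated range. The following Python helper is an added example for this page, not part of the original advisory or the referenced PoC repository: it encodes the affected bound from the description above (2024 Q1, build 10.0.24.305, or earlier) and compares Telerik Report Server build numbers component by component, so that a build such as 10.0.24.1000 is not mis-sorted below 10.0.24.305 by plain string comparison. The fixed release is not named on this page, so only the "affected" bound is encoded; the host names and version strings in the usage section are constructed sample input.

```python
"""
Added example: version triage for CVE-2024-4358 (Progress Telerik Report
Server). Encodes only the bound stated in the advisory description:
2024 Q1 (10.0.24.305) or earlier is affected. The patched release is not
stated on this page, so anything newer is reported as "not in the affected
range", not as "confirmed fixed".
"""
from typing import Dict, List, Tuple

# Highest build the advisory description calls affected (2024 Q1).
LAST_AFFECTED_VERSION = "10.0.24.305"

# Telerik Report Server builds use four dotted numeric components
# (major.minor.yymm.build); shorter inputs are padded with zeros.
VERSION_COMPONENTS = 4


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '10.0.24.305' into (10, 0, 24, 305).

    Each component is compared as an integer: a raw string comparison would
    place '10.0.24.1000' before '10.0.24.305'. Non-numeric or empty input
    raises ValueError rather than silently classifying the host.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    if len(parts) > VERSION_COMPONENTS:
        raise ValueError(f"too many components: {version!r}")
    numbers = [int(p) for p in parts]
    numbers.extend([0] * (VERSION_COMPONENTS - len(numbers)))
    return tuple(numbers)


def is_affected(version: str) -> bool:
    """True when the build is 10.0.24.305 or earlier (per the description)."""
    return parse_version(version) <= parse_version(LAST_AFFECTED_VERSION)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split a {hostname: version} inventory into affected / newer / unknown.

    'unknown' collects hosts whose version string could not be parsed, so a
    bad inventory entry is surfaced instead of being treated as safe.
    """
    result: Dict[str, List[str]] = {"affected": [], "newer": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "newer"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {
        "reports-01.example.test": "10.0.24.305",   # 2024 Q1, affected
        "reports-02.example.test": "9.2.23.1010",   # older, affected
        "reports-03.example.test": "10.1.24.514",   # newer than the bound
        "reports-04.example.test": "unknown",       # unparseable entry
    }
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the version reported in the Report Server web UI or installer rather than a guess; the "newer" bucket means only that the build is above the affected bound quoted here, and the vendor's KB article in the references is the authority on which release actually carries the fix.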

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

Template file: CVE-2024-4358.yaml (from the nuclei-templates repository, under http/cves/2024/).

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-4358.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-4358
https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
https://github.com/sinsinology/CVE-2024-4358
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358