Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and delivery/distribution. As noted by Censys earlier this year, “an attacker with remote access and an ability to execute malicious code on such an asset may allow such an attacker to not only interfere with reporting …
The post PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) appeared first on Help Net Security.