CVE-2024-4358
Registration Authentication Bypass Vulnerability
Basic Information
- CVE State: PUBLISHED
- Reserved Date: April 30, 2024
- Published Date: May 29, 2024
- Last Updated: August 01, 2024
- Vendor: Progress Software Corporation
- Product: Telerik Report Server
- Description: In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2024-06-13 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/telerik_report_server_deserialization.rb | 2025-04-29 11:01:39 UTC |
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-4358.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
telerik_report_server_deserialization
Type: metasploit • Created: Unknown
gh-ost00/CVE-2024-4358
Type: github • Created: 2024-08-24 10:09:09 UTC • Stars: 4
verylazytech/CVE-2024-4358
Type: github • Created: 2024-06-09 06:30:06 UTC • Stars: 12
Sk1dr0wz/CVE-2024-4358_Mass_Exploit
Type: github • Created: 2024-06-05 01:05:12 UTC • Stars: 24
RevoltSecurities/CVE-2024-4358
Type: github • Created: 2024-06-04 11:32:59 UTC • Stars: 5
sinsinology/CVE-2024-4358
Type: github • Created: 2024-06-03 08:22:10 UTC • Stars: 75