Progress Telerik Report Server Vulnerability Allows RCE Attacks - #CVE-2024-6327
Progress Software has fixed a critical remote code execution vulnerability, CVE-2024-6327 (CVSS 9.9), in Telerik Report Server. The flaw is an insecure deserialization bug that lets a remote attacker execute arbitrary code on the server and potentially take full control of the host. Versions prior to 2024 Q2 (10.1.24.709) are affected; the fix ships in 2024 Q2 (10.1.24.709), and users are strongly advised to upgrade immediately. Where an upgrade cannot be applied right away, the advisory's temporary mitigation is to change the Report Server Application Pool identity to an account with restricted permissions; this limits what a successful deserialization payload can do but does not remove the flaw. No in-the-wild exploitation has been reported so far, but Progress Software products have been targeted in the past, so prompt patching is warranted.
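The following PowerShell script is an added example, not code from the advisory or from Progress. It checks the installed Telerik Report Server build against the fixed version 10.1.24.709 and, if the install is older, applies the advisory's temporary mitigation by moving the IIS application pool to a low-privilege account. The application pool name, the install directory, the assembly name pattern used to read the version, and the existence of a pre-created low-privilege account are all assumptions; adjust them to the deployment.

```powershell
# Added example: detect a vulnerable Telerik Report Server build and apply the
# app-pool identity mitigation. Pool name, install path, DLL name pattern and the
# low-privilege account are assumptions, not values taken from the advisory.
Import-Module WebAdministration

$FixedVersion = [version]'10.1.24.709'                                   # fixed build per the advisory
$AppPoolName  = 'Telerik Report Server'                                  # assumption
$InstallDir   = 'C:\Program Files\Progress\Telerik Report Server'        # assumption

# Read the file version of the Report Server assemblies under the install directory
# and take the highest one. The 'Telerik.ReportServer*.dll' pattern is an assumption.
$installed = Get-ChildItem -Path $InstallDir -Recurse -Filter 'Telerik.ReportServer*.dll' -ErrorAction SilentlyContinue |
    Where-Object { $_.VersionInfo.FileVersion } |
    ForEach-Object { [version]$_.VersionInfo.FileVersion } |
    Sort-Object -Descending | Select-Object -First 1

if (-not $installed) {
    throw "No Telerik Report Server assemblies found under $InstallDir"
}

if ($installed -ge $FixedVersion) {
    Write-Host "Installed build $installed is at or above $FixedVersion; not affected by CVE-2024-6327."
    return
}

Write-Warning "Installed build $installed is vulnerable to CVE-2024-6327; upgrade to 2024 Q2 (10.1.24.709)."

# Temporary mitigation until the upgrade: run the pool as a dedicated low-privilege
# account rather than a privileged identity. The account is assumed to exist already
# and to have read/write access only to the Report Server's own folders.
$cred = Get-Credential -Message 'Low-privilege account for the Report Server app pool'
Set-ItemProperty -Path "IIS:\AppPools\$AppPoolName" -Name processModel -Value @{
    identityType = 3                                   # 3 = SpecificUser
    userName     = $cred.UserName
    password     = $cred.GetNetworkCredential().Password
}
Restart-WebAppPool -Name $AppPoolName

# Confirm the pool now runs under the intended account.
(Get-ItemProperty -Path "IIS:\AppPools\$AppPoolName" -Name processModel).userName
```

Run it in an elevated PowerShell session on the Report Server host. The identity change only reduces the blast radius of a deserialization payload that reaches the worker process; it is not a substitute for installing 2024 Q2 (10.1.24.709).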