Brackket Index

Contact Us
  1. Home
  2. queries
  3. Telerik Report Server deserialization and authentication bypass

Telerik Report Server deserialization and authentication bypass

Details

Type
Vulnerability
CVE
CVE-2024-4358
Exploit
https://github.com/sinsinology/CVE-2024-4358
References

https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358

https://dashboard.shadowserver.org/statistics/combined/tree/?day=2024-06-05&source=http_vulnerable&source=http_vulnerable6&tag=cve-2024-4358+&geo=all&data_set=count&scale=log

Tags
telerik iis authentication bypass
Published Date
2024-06-07
Last Modified
2024-06-09

Notes

Summary

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

Impact

This vulnerability allows an unauthenticated remote attacker to bypass authentication and gain unauthorized access to Telerik Report Server’s restricted functionality. This could lead to data theft, code execution, or complete system compromise.

Queries

Ce
censys
services.h Part of private feed. Please contact us.
Fo
fofa
title="Tel Part of private feed. Please contact us.
Hu
hunterhow
product.na Part of private feed. Please contact us.
Ne
netlas
(Telerik R Part of private feed. Please contact us.
Sh
shodan
http.title Part of private feed. Please contact us.
Zo
zoomeye
app:"Teler Part of private feed. Please contact us.
© 2024 Brackket Index.