Cyber Security Alert: CVE affecting Progress Telerik Report Servers

The NCSC would like to draw your attention to CVE-2024-4358 and CVE-2024-1800 affecting Progress Telerik Report Servers. The chaining of these two vulnerabilities can lead to unauthenticated remote code execution on vulnerable servers. The NCSC is aware of a publicly available proof of concept (PoC).

CVE-2024-4358 is an authentication bypass vulnerability that can allow an unauthenticated attacker to gain access to restricted Telerik Report Server functionality.

CVE-2024-1800 is an insecure deserialisation vulnerability that can lead to remote code execution.

The NCSC encourages organisations in New Zealand that use the affected product to review the vendor advisory, check impacted devices for evidence of exploitation and compromise, and apply the patches as soon as possible.

If your organisation has seen or does see evidence of compromise related to CVE-2024-4358 and CVE-2024-1800, please contact ncscincidents@ncsc.govt.nz.

Received an alert or advisory from both CERT NZ and NCSC? At present, we use both brands and a range of distribution mechanisms to ensure everyone continues to receive the information they need. Behind the scenes, our teams continue to work together to share insights and align our guidance.
