CVE-2024-1800

9.9 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Progress Telerik Report Server through insecure deserialization. Attackers can exploit this to gain full control of affected systems. Organizations using Telerik Report Server versions before 2024 Q1 are affected.

💻 Affected Systems

Products:
  • Progress Telerik Report Server
Versions: All versions prior to 2024 Q1 (10.0.24.130)
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with default configurations are vulnerable. The vulnerability exists in the deserialization mechanism.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install malware, steal data, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Remote code execution leading to data theft, ransomware deployment, or system takeover.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Insecure deserialization vulnerabilities are frequently weaponized. The high CVSS score suggests exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024 Q1 (10.0.24.130) or later

Vendor Advisory: https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800

Restart Required: Yes

Instructions:

1. Download Telerik Report Server 2024 Q1 (10.0.24.130) or later from the vendor portal.
2. Back up the current configuration and data.
3. Install the updated version following the vendor documentation.
4. Restart the Report Server service.

🔧 Temporary Workarounds

Network Isolation (scope: all)

Restrict network access to Telerik Report Server to only trusted IP addresses.

Application Firewall Rules (scope: all)

Implement WAF rules to block deserialization attack patterns.

🧯 If You Can't Patch

  • Immediately isolate affected systems from internet and untrusted networks
  • Implement strict network segmentation and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Telerik Report Server version in administration interface or installation directory

Check Version:

Check version in Telerik Report Server web interface under Settings > About

Verify Fix Applied:

Verify version is 10.0.24.130 or later and test report server functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual deserialization errors
  • Suspicious process creation from report server
  • Unexpected network connections from report server

Network Indicators:

  • Malformed serialized objects in HTTP requests to report server endpoints
  • Unexpected outbound connections from report server

SIEM Query:

source="telerik-report-server" AND ((event_type="error" AND message="*deserialization*") OR process_name="cmd.exe" OR process_name="powershell.exe")
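To make the "How to Verify" version check and the log indicators above concrete, here is an added Python example (not vendor tooling): it compares an installed build string against the fixed build 10.0.24.130 and applies the SIEM query's logic to key=value log lines. The sample log lines and the pre-fix version strings are constructed for illustration, not real telemetry.

```python
import re

# Fixed build named in the vendor advisory for CVE-2024-1800 (Telerik Report Server 2024 Q1).
FIXED_VERSION = (10, 0, 24, 130)

def parse_version(text):
    """Extract a dotted numeric build such as '10.0.24.130' from any version string,
    including the 'YYYY Qn (x.y.z.w)' form shown under Settings > About."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no dotted version found in {text!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    parts += [0] * (4 - len(parts))  # pad short strings like '10.0.24' before comparing
    return tuple(parts[:4])

def is_vulnerable_version(text):
    """True when the installed build predates the fixed build 10.0.24.130."""
    return parse_version(text) < FIXED_VERSION

# Detection: same logic as the SIEM query on this page, applied to key="value" log lines.
SHELLS = {"cmd.exe", "powershell.exe"}
KV = re.compile(r'(\w+)="([^"]*)"')

def parse_kv(line):
    return dict(KV.findall(line))

def matches_indicators(line):
    """Deserialization error, or a shell spawned from the report server source."""
    f = parse_kv(line)
    if f.get("source") != "telerik-report-server":
        return False
    deser_error = f.get("event_type") == "error" and "deserialization" in f.get("message", "").lower()
    shell_spawn = f.get("process_name", "").lower() in SHELLS
    return deser_error or shell_spawn

def triage(lines):
    """Return only the lines that match the indicators, in original order."""
    return [line for line in lines if matches_indicators(line)]

# Constructed sample lines (not real telemetry) so the block runs stand-alone.
SAMPLE_LOGS = [
    'source="telerik-report-server" event_type="error" message="Deserialization of request payload failed"',
    'source="telerik-report-server" event_type="process" process_name="powershell.exe"',
    'source="telerik-report-server" event_type="info" message="Report rendered"',
    'source="iis" event_type="process" process_name="cmd.exe"',
]
```

Run `triage(SAMPLE_LOGS)` to see the two lines an analyst would escalate; the IIS line is dropped because the query is scoped to the report server source.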

🔗 References