CVE-2024-4358

9.8 CRITICAL

📋 TL;DR

An authentication bypass vulnerability in Progress Telerik Report Server allows unauthenticated attackers to access restricted functionality. This affects versions 2024 Q1 (10.0.24.305) and earlier running on IIS. Organizations using vulnerable Telerik Report Server deployments are at risk.

💻 Affected Systems

Products:
  • Progress Telerik Report Server
Versions: 2024 Q1 (10.0.24.305) and earlier
Operating Systems: Windows with IIS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations on IIS web server. Other deployment methods may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Telerik Report Server instance, allowing attackers to access sensitive reports, modify configurations, and potentially pivot to other systems.

🟠 Likely Case

Unauthorized access to confidential reports and data stored in the reporting system, potentially leading to data exfiltration.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CISA has added this to their Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024 Q2 (10.0.24.514) or later

Vendor Advisory: https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358

Restart Required: Yes

Instructions:

1. Download the latest version from the Telerik website.
2. Back up the current installation.
3. Run the installer to upgrade.
4. Restart IIS services.
5. Verify functionality.

🔧 Temporary Workarounds

Network Access Restriction

Platform: Windows

Restrict network access to Telerik Report Server to only trusted IP addresses.

Use Windows Firewall or network ACLs to limit access.

IIS Request Filtering

Platform: Windows

Configure IIS request filtering to block suspicious patterns.

Configure in IIS Manager > Request Filtering.

🧯 If You Can't Patch

  • Isolate the Telerik Report Server in a separate network segment with strict access controls
  • Implement web application firewall (WAF) rules to detect and block authentication bypass attempts

🔍 How to Verify

Check if Vulnerable:

Check the Telerik Report Server version in the administration panel, or examine the installed program version in Windows Programs and Features.

Check Version:

Check the version shown in the Telerik Report Server web interface, or examine the installed programs list.

Verify Fix Applied:

Verify that the installed version is 10.0.24.514 or later, and test that restricted functionality still requires authentication.
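The version check described above, as an added example (this is not from the advisory or from Progress/Telerik): a PowerShell snippet that reads the uninstall registry entries that Windows Programs and Features is built from and compares the installed build against the first fixed build, 10.0.24.514. It assumes the product registers an uninstall entry whose DisplayName contains "Telerik Report Server" and whose DisplayVersion is a dotted build number; both are assumptions, so adjust $namePattern if your entry is named differently.

```powershell
# Added example, not vendor code: compare the installed Telerik Report Server
# build (from the Windows uninstall registry) against the fixed build 10.0.24.514.
# Assumption: the uninstall entry's DisplayName contains "Telerik Report Server".

$fixedVersion = [version]'10.0.24.514'
$namePattern  = 'Telerik Report Server'   # assumed DisplayName fragment

# Both 64-bit and 32-bit (WOW6432Node) uninstall hives are checked.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$namePattern*" -and $_.DisplayVersion }

if (-not $entries) {
    Write-Output "No uninstall entry matching '$namePattern' found on this host."
    return
}

foreach ($e in $entries) {
    # DisplayVersion is a string; parse it so the comparison is numeric, not lexical
    # (a lexical compare would wrongly rank "10.0.24.9" above "10.0.24.514").
    $installed = $null
    if (-not [version]::TryParse($e.DisplayVersion, [ref]$installed)) {
        Write-Output ("{0}: could not parse version string '{1}'" -f $e.DisplayName, $e.DisplayVersion)
        continue
    }
    if ($installed -lt $fixedVersion) {
        Write-Output ("VULNERABLE  {0} {1} (fix is {2} or later)" -f $e.DisplayName, $installed, $fixedVersion)
    } else {
        Write-Output ("PATCHED     {0} {1}" -f $e.DisplayName, $installed)
    }
}
```

Run it in an elevated PowerShell session on the IIS host. A "PATCHED" result only confirms the installed build; it does not prove the upgrade completed correctly, so still perform the authentication test above after patching.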

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to restricted endpoints
  • Failed authentication attempts followed by successful access

Network Indicators:

  • Unusual traffic patterns to Telerik Report Server from untrusted sources

SIEM Query:

source="Telerik Report Server" AND (event_type="authentication_bypass" OR (status="200" AND user="anonymous"))
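The "successful response to a restricted endpoint without an authenticated user" condition from the query above, applied to IIS W3C logs, as an added example (not from the advisory): a PowerShell function that parses the #Fields header, then reports 200 responses on protected paths where the IIS cs-username field is "-" (anonymous). The log lines are constructed sample data and the restricted path prefixes are placeholders, since the advisory does not name the affected endpoints; replace them with the paths your Report Server deployment protects.

```powershell
# Added example, not vendor code: flag anonymous 200 responses on restricted
# paths in IIS W3C log lines. Prefixes and log lines are constructed placeholders.

$restrictedPrefixes = @('/Administration/', '/api/')   # placeholders (assumption)

# Constructed sample log, not real traffic.
$sampleLog = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2024-06-01 10:00:01 10.0.0.5 GET /Reports/Index.html - 443 jdoe 203.0.113.7 200
2024-06-01 10:00:02 10.0.0.5 POST /api/Reports/Create - 443 - 203.0.113.7 200
2024-06-01 10:00:03 10.0.0.5 GET /Administration/Users - 443 - 203.0.113.7 401
2024-06-01 10:00:04 10.0.0.5 GET /Administration/Users - 443 jdoe 203.0.113.7 200
'@

function Find-AnonymousRestrictedHits {
    param([string[]]$Lines, [string[]]$Prefixes)
    $fields = $null
    foreach ($line in $Lines) {
        # The #Fields directive defines the column order; IIS may change it per log file.
        if ($line -like '#Fields:*') {
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if ($line.StartsWith('#') -or -not $fields) { continue }
        $values = $line -split '\s+'
        if ($values.Count -ne $fields.Count) { continue }   # skips blank/malformed lines
        $rec = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $rec[$fields[$i]] = $values[$i] }

        $isRestricted = $Prefixes | Where-Object { $rec['cs-uri-stem'].StartsWith($_, 'OrdinalIgnoreCase') }
        # IIS writes "-" in cs-username when no user was authenticated by IIS itself.
        if ($isRestricted -and $rec['sc-status'] -eq '200' -and $rec['cs-username'] -eq '-') {
            [pscustomobject]@{
                Time     = "$($rec['date']) $($rec['time'])"
                ClientIP = $rec['c-ip']
                Method   = $rec['cs-method']
                Path     = $rec['cs-uri-stem']
            }
        }
    }
}

Find-AnonymousRestrictedHits -Lines ($sampleLog -split "`r?`n") -Prefixes $restrictedPrefixes |
    Format-Table -AutoSize
```

Of the four constructed lines only the anonymous POST that returned 200 is reported; the 401 and the two authenticated requests are not. Note the caveat: cs-username reflects authentication performed by IIS (for example Windows authentication). Where the application handles logins itself, that field is "-" for every request, so this check alone cannot distinguish a bypassed session from a normal one and must be correlated with the Report Server's own application logs or user audit trail.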
