CVE-2024-4837
📋 TL;DR
This vulnerability allows unauthenticated attackers to access restricted functionality in Progress Telerik Report Server due to a trust boundary violation. It affects Telerik Report Server version 2024 Q1 (10.0.24.305) and earlier when deployed on IIS. Attackers can bypass authentication controls to reach protected server features.
💻 Affected Systems
- Progress Telerik Report Server
📦 What is this software?
Telerik Report Server is Progress Software's web application for centrally storing, managing, scheduling and distributing reports; it is hosted on IIS on Windows servers.
⚠️ Risk & Real-World Impact
Worst Case
Unauthenticated attackers gain administrative access to the report server, potentially accessing sensitive reports, modifying configurations, or using server functionality for further attacks.
Likely Case
Attackers access restricted report server functionality, potentially viewing sensitive reports or configuration data they shouldn't have access to.
If Mitigated
With proper network segmentation and access controls, impact is limited to the report server instance itself.
🎯 Exploit Status
The vulnerability description indicates unauthenticated access, suggesting relatively simple exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 10.0.24.305 (check vendor advisory for exact version)
Vendor Advisory: https://docs.telerik.com/report-server/knowledge-base/information-exposure-cve-2024-4837
Restart Required: Yes
Instructions:
1. Download the latest Telerik Report Server version from the vendor portal.
2. Back up the current installation and configuration.
3. Run the installer to upgrade.
4. Restart IIS services.
5. Verify functionality.
🔧 Temporary Workarounds
Network Access Restriction
Windows: Restrict network access to Telerik Report Server to trusted IP addresses or networks only.
Use Windows Firewall (an Allow rule only restricts access if the profile's default inbound action is Block and no broader rule, such as the "World Wide Web Services" rules IIS installs, still allows these ports from anywhere): New-NetFirewallRule -DisplayName "Restrict Telerik Report Server" -Direction Inbound -LocalPort 80,443 -Protocol TCP -RemoteAddress 192.168.1.0/24 -Action Allow
IIS IP Restrictions
Windows: Configure IIS IP address and domain restrictions to limit access.
In IIS Manager: select the site -> IP Address and Domain Restrictions -> Add Allow Entry for the specific IP ranges, then Edit Feature Settings -> set "Access for unspecified clients" to Deny (allow entries have no effect while unlisted clients are still allowed)
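The following PowerShell applies both workarounds above (the firewall allow list and the IIS IP restriction) from one script. It is an added example, not part of the advisory or any Progress documentation; it assumes the server listens on TCP 80/443, that the trusted range 192.168.1.0/24 is a placeholder you replace, that Report Server runs under the IIS site named 'Default Web Site', and that the "IP and Domain Restrictions" role service (Web-IP-Security) is installed.

```powershell
# Added example (not from the advisory or Progress): lock Telerik Report Server on a
# Windows/IIS host down to a trusted network at two layers.
$TrustedCidr   = '192.168.1.0/24'        # placeholder: your management/user network
$TrustedNet    = '192.168.1.0'           # same range for the IIS ipSecurity entry
$TrustedMask   = '255.255.255.0'
$Ports         = @(80, 443)
$SiteName      = 'Default Web Site'      # assumption: IIS site hosting Report Server
$RuleName      = 'Telerik Report Server - Allow trusted only'

# --- Layer 1: Windows Firewall ---------------------------------------------------
# An Allow rule scoped to one range restricts nothing on its own; inbound traffic is
# only dropped because the profile's default inbound action is Block AND no other
# enabled rule still allows the port. Make both conditions true explicitly.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Ports -RemoteAddress $TrustedCidr -Action Allow -Profile Any | Out-Null
}

# IIS installs broad "World Wide Web Services (HTTP)" allow rules; they would let any
# remote address reach 80/443 regardless of the scoped rule above, so disable them.
Get-NetFirewallRule -DisplayGroup 'World Wide Web Services (HTTP)' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# Report any other enabled inbound Allow rule that still touches 80 or 443 for review;
# these are not disabled automatically because they may belong to other services.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.DisplayName -ne $RuleName } |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and (@($pf.LocalPort) | Where-Object { $_ -in @('80', '443', 'Any') })
    } |
    Select-Object DisplayName, Profile |
    ForEach-Object { Write-Warning "Review broad inbound rule still enabled: $($_.DisplayName) [$($_.Profile)]" }

# --- Layer 2: IIS IP and Domain Restrictions ------------------------------------
Import-Module WebAdministration
$ipSec = 'system.webServer/security/ipSecurity'
$appHost = 'MACHINE/WEBROOT/APPHOST'

# Deny unlisted clients first; an allow entry is meaningless while allowUnlisted is true.
Set-WebConfigurationProperty -PSPath $appHost -Location $SiteName -Filter $ipSec `
    -Name 'allowUnlisted' -Value $false

# Add the trusted subnet as an explicit allow entry (skip if it is already present).
$existing = Get-WebConfigurationProperty -PSPath $appHost -Location $SiteName -Filter "$ipSec/add" -Name '.' |
    Where-Object { $_.ipAddress -eq $TrustedNet -and $_.subnetMask -eq $TrustedMask }
if (-not $existing) {
    Add-WebConfigurationProperty -PSPath $appHost -Location $SiteName -Filter $ipSec -Name '.' `
        -Value @{ ipAddress = $TrustedNet; subnetMask = $TrustedMask; allowed = 'true' }
}

# Caveat: behind a reverse proxy or load balancer IIS sees the proxy's address, so the
# restriction must either be applied on the proxy or use ipSecurity's enableProxyMode,
# which trusts X-Forwarded-For and must only be enabled when that header is set by you.
```

Run it in an elevated PowerShell session on the Report Server host, then confirm from a host outside the trusted range that connections to 80/443 time out and that, from inside the range, the site still answers. If Report Server is reached through a proxy, apply the IP allow list there instead of at the IIS layer for the reason given in the last comment.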
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to the report server
- Monitor server logs for unauthorized access attempts and implement additional authentication layers
🔍 How to Verify
Check if Vulnerable:
Check Telerik Report Server version in administration interface or installation directory. Versions 10.0.24.305 and earlier are vulnerable.
Check Version:
Check %PROGRAMFILES%\Progress\Telerik Report Server\version.txt or the administration interface
Verify Fix Applied:
Verify version is updated beyond 10.0.24.305 and test that unauthenticated access to restricted functionality is blocked.
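The two verification steps above can be scripted. This is an added example, not from the advisory or from Progress; it assumes version.txt at the path the advisory names contains the dotted version string, and the URL path it probes (/api/reportserver/reports) is a placeholder standing in for any restricted endpoint, not a verified Report Server route.

```powershell
# Added example (not from the advisory or Progress): check the installed build against
# the last vulnerable version, then confirm a restricted path no longer answers 200 to
# an anonymous request after patching.
$LastVulnerable = [version]'10.0.24.305'
$VersionFile    = Join-Path $env:PROGRAMFILES 'Progress\Telerik Report Server\version.txt'

function Test-ReportServerVulnerable {
    param([string]$Path = $VersionFile)
    if (-not (Test-Path $Path)) {
        throw "version.txt not found at $Path; read the version from the administration interface instead"
    }
    $raw = (Get-Content -Path $Path -Raw).Trim()
    # Tolerate surrounding text such as 'Version 10.0.24.305' by extracting the dotted number.
    if ($raw -notmatch '(\d+(\.\d+){1,3})') { throw "No version string found in $Path ('$raw')" }
    $installed = [version]$Matches[1]
    [pscustomobject]@{
        Installed  = $installed
        Vulnerable = ($installed -le $LastVulnerable)   # 10.0.24.305 and earlier are affected
    }
}

function Test-RestrictedPathBlocked {
    # $Url is a placeholder; substitute a path that requires a login in your deployment.
    param([string]$Url = 'https://reportserver.example.internal/api/reportserver/reports')
    try {
        # No credentials, no cookies: an anonymous client. Redirect to a login page counts
        # as blocked, so stop following redirects and inspect the raw status code.
        $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -MaximumRedirection 0 -ErrorAction Stop
        $status = [int]$resp.StatusCode
    } catch {
        # Both Windows PowerShell and PowerShell 7 expose the response on the exception.
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
        else { throw }
    }
    [pscustomobject]@{
        Url     = $Url
        Status  = $status
        Blocked = ($status -in 301, 302, 401, 403)   # anything but 200 on a restricted path
    }
}

Test-ReportServerVulnerable
Test-RestrictedPathBlocked
```

A result of Vulnerable = True means the upgrade has not been applied; Blocked = False after upgrading means the path you chose is either not actually restricted or the patch did not take effect, and the installed version should be re-checked against the vendor advisory.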
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated requests to restricted endpoints
- Access to /api/ or /reportserver/ paths without authentication
- Failed authentication attempts followed by successful access
Network Indicators:
- Unusual traffic patterns to report server from unauthenticated sources
- Requests bypassing authentication endpoints
SIEM Query:
source="iis" AND (url="*/api/*" OR url="*/reportserver/*") AND status=200 AND user="-"
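The same logic as the SIEM query, plus the "failed authentication followed by success" indicator, applied directly to IIS W3C log lines. This is an added example, not part of the advisory; the log lines are constructed for the demonstration, and the paths under /api/ and /reportserver/ are sample values built from the prefixes the advisory names, not verified Report Server endpoints.

```powershell
# Added example (not from the advisory): flag the two log indicators above in IIS logs.
# Constructed sample in IIS W3C format (user-agent spaces are logged as '+').
$SampleLog = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-05-01 10:00:01 10.0.0.5 GET /Report/Index - 443 - 192.168.1.20 Mozilla/5.0+(Windows) 200 0 0 15
2024-05-01 10:00:04 10.0.0.5 GET /api/reportserver/reports - 443 - 203.0.113.7 curl/8.4.0 401 0 0 3
2024-05-01 10:00:09 10.0.0.5 GET /api/reportserver/reports - 443 - 203.0.113.7 curl/8.4.0 200 0 0 41
2024-05-01 10:00:12 10.0.0.5 GET /reportserver/settings - 443 jdoe 192.168.1.20 Mozilla/5.0+(Windows) 200 0 0 22
2024-05-01 10:00:20 10.0.0.5 GET /reportserver/settings - 443 - 203.0.113.7 curl/8.4.0 200 0 0 30
'@

function ConvertFrom-IisW3CLog {
    # Turns W3C lines into objects keyed by the names in the most recent #Fields header.
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') { $fields = $line.Substring(8).Trim() -split ' '; continue }
        if ($line -like '#*' -or -not $line.Trim() -or -not $fields) { continue }
        $values = $line -split ' '
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }
}

function Find-SuspiciousReportServerAccess {
    param([psobject[]]$Entries)
    $restricted = '^/(api|reportserver)/'   # prefixes named in the advisory

    # Indicator 1: HTTP 200 on a restricted path with no IIS-level user identity.
    foreach ($e in $Entries) {
        if ($e.'cs-uri-stem' -match $restricted -and $e.'sc-status' -eq '200' -and $e.'cs-username' -eq '-') {
            [pscustomobject]@{ Indicator = 'unauthenticated-200'; Client = $e.'c-ip'
                               Path = $e.'cs-uri-stem'; Time = "$($e.date) $($e.time)" }
        }
    }

    # Indicator 2: per client, a 401 on a restricted path later followed by a 200 on the
    # same path. Entries are processed in log order, so "later" means a later line.
    $byClient = $Entries | Where-Object { $_.'cs-uri-stem' -match $restricted } | Group-Object -Property 'c-ip'
    foreach ($group in $byClient) {
        $failedPaths = @{}
        foreach ($e in $group.Group) {
            $path = $e.'cs-uri-stem'
            if ($e.'sc-status' -eq '401') { $failedPaths[$path] = $true }
            elseif ($e.'sc-status' -eq '200' -and $failedPaths.ContainsKey($path)) {
                [pscustomobject]@{ Indicator = '401-then-200'; Client = $group.Name
                                   Path = $path; Time = "$($e.date) $($e.time)" }
            }
        }
    }
}

$entries = ConvertFrom-IisW3CLog -Lines ($SampleLog -split "`r?`n")
Find-SuspiciousReportServerAccess -Entries $entries | Format-Table -AutoSize
```

Against the constructed sample this reports the two 200s from 203.0.113.7 as unauthenticated-200 and the /api/reportserver/reports hit as 401-then-200, while the legitimate 192.168.1.20 traffic stays quiet. To run it on real data, replace $SampleLog with Get-Content over the site's log directory (by default under %SystemDrive%\inetpub\logs\LogFiles\W3SVC<site id>\). One caveat that applies equally to the SIEM query above: IIS only fills cs-username when IIS itself authenticated the request (Windows or Basic authentication); for an application that manages its own logins the field is "-" on every request, including legitimate sessions, so tune the match on the application's own access logs or on session-cookie presence before alerting on it.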