CVE-2024-8014
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Progress Telerik Reporting. Attackers can exploit insecure type resolution to inject malicious objects and achieve remote code execution. Organizations using Telerik Reporting versions before 2024 Q3 are affected.
💻 Affected Systems
- Progress Telerik Reporting
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the server, allowing data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Remote code execution leading to web server compromise, data exfiltration, and potential installation of backdoors or malware.
If Mitigated
Attack blocked at network perimeter or application firewall, with no successful exploitation despite attempts.
🎯 Exploit Status
Object injection vulnerabilities in .NET frameworks are commonly exploited. While no public PoC exists yet, similar vulnerabilities have been weaponized quickly.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024 Q3 (18.2.24.924) or later
Vendor Advisory: https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014
Restart Required: Yes
Instructions:
1. Download Telerik Reporting 2024 Q3 (18.2.24.924) or later from the Telerik website.
2. Update all affected applications to use the patched version.
3. Rebuild and redeploy applications.
4. Restart application servers and services.
🔧 Temporary Workarounds
Restrict Network Access
Limit access to Telerik Reporting endpoints to trusted IP addresses only
Implement WAF Rules
Configure web application firewall to block suspicious serialization payloads
🧯 If You Can't Patch
- Isolate affected systems in a segmented network zone with strict egress filtering
- Implement application-level input validation and sanitization for all Telerik Reporting inputs
🔍 How to Verify
Check if Vulnerable:
Check the Telerik Reporting assembly version in your application. Versions below 18.2.24.924 are vulnerable.
Check Version:
On Windows: Get-ChildItem -Path "C:\Program Files\Progress\Telerik Reporting\" -Filter "*.dll" -Recurse | Select-Object Name, @{Name='FileVersion'; Expression={$_.VersionInfo.FileVersion}}
Verify Fix Applied:
Verify the Telerik Reporting assembly version is 18.2.24.924 or higher after update.
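The version comparison above is easy to get wrong if versions are compared as strings (a hypothetical "18.10" sorts before "18.2" lexically). The following added example, which is not part of the advisory and not Progress code, parses the Name/FileVersion output shape of the PowerShell check and compares each assembly numerically against the fixed build 18.2.24.924. The listing is constructed for illustration; the 18.10.x entry in it is a made-up value used only to show the string-comparison pitfall.

```python
"""Flag Telerik Reporting assemblies older than the patched build.

Added example, not from the advisory or from Progress. It parses the
Name/FileVersion lines that the PowerShell check in the advisory prints
(the sample below is constructed, not captured from a real system) and
compares each version numerically against the fixed build 18.2.24.924.
"""
import re
from typing import List, Tuple

FIXED_VERSION = "18.2.24.924"  # first patched build per the advisory (2024 Q3)

# Constructed sample of the PowerShell output shape (Name, FileVersion).
# The 18.10.25.101 entry is hypothetical and only illustrates ordering.
SAMPLE_LISTING = """
Name                                   FileVersion
----                                   -----------
Telerik.Reporting.dll                  18.0.24.305
Telerik.Reporting.Services.dll         18.2.24.924
Telerik.ReportViewer.Html5.dll         17.1.23.606
Telerik.Reporting.OpenXmlRendering.dll 18.10.25.101
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so 18.10 sorts after 18.2."""
    parts = [int(p) for p in text.strip().split(".")]
    # Pad to four components so "18.2" compares like "18.2.0.0".
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the assembly build is older than the fixed build."""
    return parse_version(version) < parse_version(fixed)


# One listing row: assembly name, whitespace, dotted version (2 to 4 parts).
LINE_RE = re.compile(r"^(?P<name>\S+\.dll)\s+(?P<version>\d+(?:\.\d+){1,3})$")


def find_vulnerable_assemblies(listing: str) -> List[Tuple[str, str]]:
    """Return (name, version) pairs from the listing that predate the fix."""
    hits = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, separator and blank lines
        if is_vulnerable(m["version"]):
            hits.append((m["name"], m["version"]))
    return hits


if __name__ == "__main__":
    for name, ver in find_vulnerable_assemblies(SAMPLE_LISTING):
        print(f"VULNERABLE {name} {ver} (< {FIXED_VERSION})")
```

Run it against the real output of the PowerShell command, and also against the DLLs deployed alongside each application, since the assemblies an application actually loads may live in its own bin folder rather than the default install path.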
📡 Detection & Monitoring
Log Indicators:
- Unusual serialization errors in application logs
- Suspicious HTTP requests to Telerik Reporting endpoints
- Unexpected process creation from web application
Network Indicators:
- HTTP POST requests with serialized object payloads to reporting endpoints
- Outbound connections from web servers to unknown external IPs
SIEM Query:
source="web_server" AND (uri="*/Telerik.Reporting*" OR uri="*/api/reporting*") AND (status=500 OR method=POST)
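To see what the SIEM query above actually selects, here is an added example (not part of the advisory, not Progress code) that applies the same condition to W3C-style IIS log lines: the URI must hit a reporting endpoint and the request must be a POST or have returned HTTP 500. The log lines, IPs and URI paths are constructed for illustration, and the per-client tally is an addition to help triage, since routine report-viewer POSTs will also match the query.

```python
"""Apply the advisory's SIEM condition to web server log lines.

Added example, not the advisory's or Progress's code. It parses W3C-style
IIS log lines (constructed sample, not real traffic) and flags requests to
Telerik Reporting endpoints that are POSTs or returned HTTP 500, the same
condition the advisory's SIEM query expresses.
"""
import re
from typing import Dict, List, Optional

# Constructed sample lines. Field order:
# date time s-ip cs-method cs-uri-stem sc-status c-ip
SAMPLE_LOG = """
2024-10-01 10:00:01 10.0.0.5 GET /Telerik.Reporting/Resources/Images 200 10.0.0.20
2024-10-01 10:00:02 10.0.0.5 POST /api/reporting/clients 200 10.0.0.20
2024-10-01 10:00:03 10.0.0.5 GET /api/reporting/formats 200 10.0.0.20
2024-10-01 10:00:04 10.0.0.5 POST /Telerik.Reporting/Render 500 203.0.113.7
2024-10-01 10:00:05 10.0.0.5 GET /home/index 200 10.0.0.20
2024-10-01 10:00:06 10.0.0.5 GET /api/reporting/reports 500 203.0.113.7
"""

LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<server>\S+) (?P<method>[A-Z]+) "
    r"(?P<uri>\S+) (?P<status>\d{3}) (?P<client>\S+)$"
)
# Equivalent of uri="*/Telerik.Reporting*" OR uri="*/api/reporting*".
REPORTING_URI = re.compile(r"/(Telerik\.Reporting|api/reporting)", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None for non-matching lines."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def matches_query(entry: Dict[str, str]) -> bool:
    """Reporting endpoint AND (status 500 OR method POST), as in the SIEM query."""
    on_reporting = REPORTING_URI.search(entry["uri"]) is not None
    return on_reporting and (entry["status"] == "500" or entry["method"] == "POST")


def find_suspicious(log: str) -> List[Dict[str, str]]:
    """All parsed entries that satisfy the query condition."""
    hits = []
    for line in log.splitlines():
        entry = parse_line(line)
        if entry and matches_query(entry):
            hits.append(entry)
    return hits


def hits_per_client(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count matches per client IP; repeated 500s from one source stand out."""
    counts: Dict[str, int] = {}
    for entry in hits:
        counts[entry["client"]] = counts.get(entry["client"], 0) + 1
    return counts


if __name__ == "__main__":
    suspicious = find_suspicious(SAMPLE_LOG)
    for entry in suspicious:
        print(f"{entry['client']} {entry['method']} {entry['uri']} -> {entry['status']}")
    print(hits_per_client(suspicious))
```

In the constructed sample the query flags three lines, one of which is an ordinary POST from an internal client, which shows why pairing the match with the 500 status or a per-source count is a more useful triage signal than the raw query alone.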