Anup Ghosh

Urgent: Critical Vulnerability in Telerik UI Components Exposes Systems to Remote Attacks



The Download

Progress Software announced another critical vulnerability in Progress Telerik Report Server UI components, identified as CVE-2024-6327. This flaw, present in the Telerik UI for ASP.NET AJAX framework, allows attackers to execute arbitrary code remotely due to improper input validation when chained with another Telerik vulnerability. It is particularly concerning because it can be exploited to gain full control over affected systems, potentially leading to data breaches or system compromise. Previously, a Progress Software vulnerability (CVE-2019-18935) was weaponized by nation-state actors (APTs) to attack Federal agencies. The APT behind those attacks was believed to be of Chinese origin.



What You Can Do

To mitigate the risk posed by CVE-2024-6327, system administrators should immediately apply the latest security patches provided by Progress Telerik to their UI components. Additionally, it's vital to review and update any custom implementations of Telerik controls to ensure they are not exposing the vulnerability. Using ThreatMate, you can identify vulnerabilities before adversaries have a chance to exploit them.



