PatchSiren cyber security CVE debrief
CVE-2024-4358 Progress CVE debrief
CVE-2024-4358 affects Progress Telerik Report Server and is described as an authentication bypass by spoofing issue. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-06-13, which means it is considered actively exploited. The safest defensive response is to follow vendor mitigation guidance immediately; if mitigations are unavailable, CISA advises discontinuing use of the product.
- Vendor: Progress
- Product: Telerik Report Server
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2024-06-13
- Original CVE updated: 2024-06-13
- Advisory published: 2024-06-13
- Advisory updated: 2024-06-13
Who should care
Security teams, system administrators, and vulnerability managers responsible for Progress Telerik Report Server deployments should treat this as urgent. Incident response teams should also review exposed instances and authentication-related activity.
Technical summary
The supplied corpus identifies CVE-2024-4358 as a Progress Telerik Report Server authentication bypass by spoofing vulnerability. CISA KEV enrollment on 2024-06-13 indicates known exploitation. The corpus does not provide exploit mechanics, affected version ranges, or a CVSS score; it does state the required defensive action is to apply vendor mitigations or discontinue use if mitigations are unavailable.
Defensive priority
Urgent
Recommended defensive actions
- Inventory all Progress Telerik Report Server deployments and confirm whether any internet-facing or otherwise exposed instances exist.
- Apply the vendor mitigation guidance referenced by CISA as soon as possible.
- If mitigations are unavailable or cannot be applied safely, discontinue use of the product as CISA recommends.
- Review authentication logs and administrative activity for signs of unauthorized access around the KEV date and after.
- Validate the product status against the vendor and NVD records before returning any affected instance to service.
Evidence notes
This debrief is based on the supplied CISA KEV source item and official CVE/NVD/CISA records. The corpus confirms: vendor project Progress, product Telerik Report Server, vulnerability name "Authentication Bypass by Spoofing Vulnerability," KEV dateAdded 2024-06-13, dueDate 2024-07-04, and requiredAction to apply vendor mitigations or discontinue use if mitigations are unavailable. No CVSS score was provided in the supplied data, and knownRansomwareCampaignUse is marked Unknown. The source notes also reference a Progress knowledge base article on registration/auth bypass and the NVD detail page.
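The recommended actions above amount to a small triage loop: inventory deployments, match them against the KEV record, and prioritise exposed hosts against the KEV due date. The script below is an added example, not part of the PatchSiren debrief or any CISA tooling. It assumes the layout of the CISA KEV JSON feed (a top-level "vulnerabilities" list whose entries carry the cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, requiredAction and knownRansomwareCampaignUse fields named in the evidence notes). The KEV entry for CVE-2024-4358 is constructed from the values the debrief quotes; the second KEV entry, the host inventory and the hostnames are made up for illustration.

```python
"""Match a KEV feed excerpt against a local product inventory and rank findings.

Added example (not the debrief's or CISA's code). Assumes the CISA KEV JSON
layout; sample data below is constructed, with CVE-2024-4358 values taken
from the debrief and everything else invented as placeholders.
"""
import json
from datetime import date

# Constructed KEV feed excerpt. The first entry uses the values quoted in the
# debrief; the second is an obviously placeholder entry for an unrelated product.
KEV_FEED_JSON = json.dumps({
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-4358",
            "vendorProject": "Progress",
            "product": "Telerik Report Server",
            "vulnerabilityName": "Authentication Bypass by Spoofing Vulnerability",
            "dateAdded": "2024-06-13",
            "dueDate": "2024-07-04",
            "requiredAction": "Apply mitigations per vendor instructions or "
                              "discontinue use of the product if mitigations are unavailable.",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-0000",  # placeholder, not a real record
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Placeholder Vulnerability",
            "dateAdded": "2024-01-01",
            "dueDate": "2024-01-22",
            "requiredAction": "Placeholder action.",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ]
})

# Constructed inventory: hostnames and exposure flags are invented.
INVENTORY = [
    {"host": "rpt-01", "vendor": "Progress", "product": "Telerik Report Server", "internet_facing": True},
    {"host": "rpt-02", "vendor": "progress", "product": "telerik report server", "internet_facing": False},
    {"host": "web-03", "vendor": "OtherVendor", "product": "OtherProduct", "internet_facing": True},
]


def normalize(text):
    """Case- and whitespace-insensitive form so inventory spelling variants still match."""
    return " ".join(text.lower().split())


def match_kev_to_inventory(feed_json, inventory, today):
    """Return one finding per (host, KEV entry) pair whose vendor and product match.

    Findings are ordered with internet-facing hosts first, then by soonest
    KEV due date, which is the order a patch queue should work through them.
    """
    feed = json.loads(feed_json)
    findings = []
    for entry in feed["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for host in inventory:
            if (normalize(host["vendor"]) == normalize(entry["vendorProject"])
                    and normalize(host["product"]) == normalize(entry["product"])):
                findings.append({
                    "host": host["host"],
                    "cve": entry["cveID"],
                    "internet_facing": host["internet_facing"],
                    "days_until_due": (due - today).days,
                    "overdue": today > due,
                    "ransomware_use": entry["knownRansomwareCampaignUse"],
                    "required_action": entry["requiredAction"],
                })
    findings.sort(key=lambda f: (not f["internet_facing"], f["days_until_due"]))
    return findings


def findings_on(iso_today):
    """Convenience wrapper: run the match for a given ISO date string."""
    return match_kev_to_inventory(KEV_FEED_JSON, INVENTORY, date.fromisoformat(iso_today))


if __name__ == "__main__":
    for f in findings_on("2024-06-20"):
        state = "OVERDUE" if f["overdue"] else f"{f['days_until_due']} days left"
        exposure = "internet-facing" if f["internet_facing"] else "internal"
        print(f"{f['host']:8} {f['cve']:15} {exposure:16} {state}: {f['required_action']}")
```

Against a real deployment, replace `KEV_FEED_JSON` with the downloaded catalog and `INVENTORY` with the output of your asset system; the vendor/product match is deliberately loose on case and spacing because inventory data rarely spells names exactly as KEV does, and a missed match here means a missed host.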
Official resources
- CVE-2024-4358 CVE record (CVE.org)
- CVE-2024-4358 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Source item URL (cisa_kev)
CISA publicly listed CVE-2024-4358 in the Known Exploited Vulnerabilities catalog on 2024-06-13, indicating known exploitation. The supplied corpus does not include additional disclosure chronology beyond the public records.