Known Exploited Vulnerabilities CVE-2024-4358 Mappings

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-4358 | Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |
Comments
CVE-2024-4358 is an authentication bypass vulnerability. It has been observed chained with CVE-2024-1800 to achieve remote code execution.
References