CVE-2024-1800

CRITICAL

Progress Telerik Report Server - Insecure Deserialization

Title source: rule

Description

In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.

Exploits (3)

github WORKING POC 78 stars

by sinsinology · pythonpoc

https://github.com/sinsinology/CVE-2024-4358

View Code ZIP pw:eip

github WORKING POC 4 stars

by gh-ost00 · pythonpoc

https://github.com/gh-ost00/CVE-2024-4358

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by SinSinology, Soroush Dalili, Unknown, Spencer McIntyre · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/telerik_report_server_deserialization.rb

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800

[Product] https://www.telerik.com/report-server

Scores

CVSS v3 9.9

EPSS 0.7233

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-502

Status published

Products (1)

progress/telerik_report_server < 10.0.24.130

Published Mar 20, 2024

Tracked Since Feb 18, 2026