
WARNING: CRITICAL AND HIGH VULNERABILITIES IN PROGRESS TELERIK CAN BE EXPLOITED TO EXECUTE CODE. PATCH IMMEDIATELY!

Reference: Advisory #2024-61
Version: 1.0
Affected software: Progress Telerik Reporting, Progress Telerik Report Server
Type: Code Execution
CVE/CVSS:

CVE-2024-1800: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVE-2024-1801: CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L)

CVE-2024-1856: CVSS 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

Risks

On 20 March 2024 Progress disclosed three vulnerabilities in Progress Telerik Reporting and Progress Telerik Report Server (CVE-2024-1800, CVE-2024-1801 and CVE-2024-1856).

There is no information as yet that these vulnerabilities are being actively exploited (cutoff date: 26 April 2024). However, ransomware groups have exploited vulnerabilities in Progress software in the past: the Cl0p ransomware group compromised over 2,300 organisations using a vulnerability (CVE-2023-34362) in Progress MOVEit[1].

Exploitation of these vulnerabilities has a high impact on confidentiality, and a low to high impact on integrity and availability depending on which vulnerability is exploited (see the CVSS vectors above: CVE-2024-1801 is rated low for integrity and availability, the other two high).


Description

CVE-2024-1856 and CVE-2024-1801 are both insecure deserialization vulnerabilities in Progress Telerik Reporting. Successful exploitation of either could allow an attacker to execute code. CVE-2024-1801 is exploitable by a local attacker and requires user interaction (AV:L, UI:R in its vector). CVE-2024-1856 could be exploited by a remote attacker, but only under a special set of circumstances in a misconfigured web application, which is reflected in its high attack complexity (AC:H).

CVE-2024-1800 is an insecure deserialization vulnerability in Progress Telerik Report Server. A remote attacker with low-privileged access (PR:L) who successfully exploits it can achieve remote code execution; with a CVSS score of 9.9 it is the most severe of the three.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable installations with the highest priority, after thorough testing.

Please note that Progress Telerik specifically reported that upgrading to the latest version is the only way to remove these vulnerabilities: 10.0.24.305 (2024 Q1) for Telerik Report Server and 18.0.24.305 (2024 Q1) for Telerik Reporting.
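To find out which hosts still need the upgrade, the following PowerShell script inventories Telerik Reporting and Report Server assemblies on a Windows host and flags builds older than the fixed 2024 Q1 releases. It is an added example for this advisory, not a tool from the CCB or from Progress. It assumes that the product assemblies are named Telerik.Reporting*.dll and Telerik.ReportServer*.dll, that their assembly version tracks the product build, and that the installations live under the search roots listed; adjust the roots to your deployment.

```powershell
# Added example (not from the CCB advisory or from Progress): inventory Telerik
# Reporting / Report Server assemblies and flag builds below the 2024 Q1 fixed versions.
# Assumptions: assembly names start with "Telerik.Reporting" or "Telerik.ReportServer",
# and the assembly version equals the product build (e.g. 18.0.24.305).
$fixedVersions = @{
    'Telerik.Reporting'    = [Version]'18.0.24.305'   # Telerik Reporting 2024 Q1
    'Telerik.ReportServer' = [Version]'10.0.24.305'   # Telerik Report Server 2024 Q1
}

# Search roots; extend with the web application directories used in your environment.
$searchRoots = @('C:\inetpub', "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

function Get-TelerikAssemblyStatus {
    param([string[]]$Roots)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File `
            -Include 'Telerik.Reporting*.dll', 'Telerik.ReportServer*.dll' `
            -ErrorAction SilentlyContinue |
        ForEach-Object {
            $family = if ($_.Name -like 'Telerik.ReportServer*') { 'Telerik.ReportServer' } else { 'Telerik.Reporting' }
            try {
                # GetAssemblyName reads the manifest without loading the assembly into this process.
                $ver = [System.Reflection.AssemblyName]::GetAssemblyName($_.FullName).Version
            } catch {
                # Fall back to the Win32 file version resource if the manifest cannot be read.
                $raw = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName).FileVersion
                $ver = if ($raw) { [Version]($raw -replace '[^\d.].*$', '') } else { $null }
            }
            [PSCustomObject]@{
                Path       = $_.FullName
                Family     = $family
                Version    = $ver
                Fixed      = $fixedVersions[$family]
                Vulnerable = if ($ver) { $ver -lt $fixedVersions[$family] } else { 'unknown' }
            }
        }
    }
}

$results = Get-TelerikAssemblyStatus -Roots $searchRoots
$results | Sort-Object Vulnerable, Path | Format-Table -AutoSize
if ($results | Where-Object { $_.Vulnerable -eq $true }) {
    Write-Warning 'Telerik assemblies older than the 2024 Q1 fixed builds were found; schedule the upgrade.'
}
```

Run it with an account that can read the web application directories. The script only compares assembly versions, so copies in build outputs or NuGet caches will also be listed; treat every hit as a lead to verify, and remember that an assembly version equal to or above the fixed build confirms the patch level only, not that the host was never compromised.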

Monitor/Detect

The CCB recommends that organisations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version protects against future exploitation, it does not remediate a historic compromise: a system that was exploited before the update remains compromised after it.

References