
Cloud Vulnerability DB
A community-led vulnerabilities database
A critical authentication bypass vulnerability (CVE-2024-4358) affects Progress Telerik Report Server version 2024 Q1 (10.0.24.305) and earlier versions running on IIS. The vulnerability allows unauthenticated attackers to gain access to restricted functionality within the Telerik Report Server. This vulnerability was discovered by Sina Kheirkhah of Summoning Team and carries a critical CVSS score of 9.8 (Telerik Advisory, Arctic Wolf).
The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing) and enables remote unauthenticated attackers to create administrator users and log in to the system. The vulnerability has been described as 'very simple' to exploit and can be used to bypass authentication mechanisms (Hacker News).
The vulnerability allows attackers to bypass authentication and create rogue administrator accounts, potentially leading to complete system compromise. When chained with another vulnerability (CVE-2024-1800), it could enable remote code execution with elevated privileges (Arctic Wolf, Hacker News).
The vulnerability has been patched in Report Server 2024 Q2 (10.1.24.514). As a temporary workaround, organizations can apply a URL Rewrite mitigation in IIS to remove the exposed attack surface: install the URL Rewrite IIS module and create a request-blocking rule for 'startup/register'. Organizations should also review their Report Server's users list for any unauthorized new Local users (Telerik Advisory).
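The following web.config fragment is an added illustration of the interim IIS URL Rewrite mitigation described above; it is not taken from the Telerik advisory and is not Telerik's own configuration. It assumes the URL Rewrite module is already installed, that the fragment is placed in the web.config of the Report Server site, and that 'startup/register' is reached relative to the site root (the rule name, the 403 response and the `^startup/register` pattern are assumptions, chosen so that blocked attempts still appear in the IIS logs as distinct 403 entries).

```xml
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Interim mitigation for CVE-2024-4358: block the 'startup/register' path
             (assumed to be relative to the site root) until Report Server is
             upgraded to 2024 Q2 (10.1.24.514) or later. -->
        <rule name="Block startup register (CVE-2024-4358 mitigation)" stopProcessing="true">
          <!-- Match the path regardless of letter case so case-variant requests are also blocked. -->
          <match url="^startup/register" ignoreCase="true" />
          <!-- Return 403 so blocked requests are visible in the IIS logs for detection and review. -->
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Access to this endpoint is blocked." />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

After applying the rule, confirm with a browser or curl that the path now returns 403, then remove the rule once the upgrade to 10.1.24.514 or later is complete; the rule does not replace the patch. Pair it with the user-list review the advisory recommends, since an account created before the rule was in place would not be affected by it.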
The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch agencies to remediate it by July 4th, 2024. This addition highlights the severity and potential impact of the vulnerability (CISA).
Source: This report was generated using AI