Platform: dotnet
Component: telerik-reporting
Fixed in: 2024 R1
CVE-2024-0832 describes a privilege elevation vulnerability discovered in Telerik Reporting's installer component. This flaw allows a lower-privileged user, within an environment already running Telerik Reporting, to manipulate the installation package and gain elevated privileges on the operating system. The vulnerability affects versions 1.0 through 2023 R3, and a fix is available in version 2024 R1.
The primary impact of CVE-2024-0832 is the potential for privilege escalation. An attacker, already possessing limited access to a system with Telerik Reporting installed, can exploit this vulnerability to gain administrative or system-level privileges. This could allow them to install malicious software, modify system configurations, steal sensitive data, or compromise the entire system. The ability to manipulate the installation package represents a significant attack vector, as it bypasses typical security controls designed to prevent unauthorized privilege elevation. This vulnerability is particularly concerning in environments where user access controls are not strictly enforced or where the installation process is not adequately secured.
CVE-2024-0832 was publicly disclosed on January 31, 2024. There are currently no known public exploits or active campaigns targeting this vulnerability. Its EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.
EPSS: 0.67% (71st percentile)
The primary mitigation for CVE-2024-0832 is to upgrade Telerik Reporting to version 2024 R1 or later, which contains the fix. If an immediate upgrade is not feasible, consider restricting user access to the installation directory and disabling the ability to modify the installation package. Implement strict user access controls and regularly review user permissions. Monitor system logs for any suspicious activity related to the installation process. While a WAF or proxy cannot directly mitigate this vulnerability, they can help detect and block malicious attempts to manipulate the installation package.
Upgrade Telerik Reporting to version 2024 R1 or later. This fixes the privilege elevation vulnerability in the installer. Download the latest version from the official Telerik website.
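One way to verify the interim workaround of restricting access to the installation directory, as an added example that is not from Telerik or from this advisory: a PowerShell audit that lists allow-ACEs granting write-type rights to principals outside a small trusted set. The `-Path` argument and the trusted-SID list are assumptions, since the page does not state the install location or which accounts should keep write access.

```powershell
param(
    # Assumption: the directory holding the Telerik Reporting installation package on this host.
    [Parameter(Mandatory)][string]$Path
)

# Assumption: principals allowed to hold write access. Adjust to local policy.
$trustedSids = @(
    'S-1-5-18',      # LocalSystem
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Only bits that allow tampering; Modify/FullControl are avoided as masks because they include read bits.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in inheritable ACEs.
$genericMask = 0x50000000

$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

    # Resolve to SIDs so the comparison does not depend on localized account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (-not ([int]$ace.FileSystemRights -band ($writeMask -bor $genericMask))) { continue }

        # Fall back to the raw SID when the account cannot be resolved (deleted or foreign-domain account).
        $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $ace.IdentityReference.Value }

        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 }  # non-zero exit so a scheduled check can alert on any finding
```

Rows with `Inherited = True` have to be fixed on the parent folder that defines the ACE, not on the file where it is reported.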
CVE-2024-0832 is a vulnerability in Telerik Reporting allowing a lower-privileged user to elevate their privileges by manipulating the installation package. It's rated HIGH severity (CVSS 7.8).
You are affected if you are using Telerik Reporting versions 1.0–2023 R3. Upgrade to 2024 R1 or later to resolve the issue.
Upgrade Telerik Reporting to version 2024 R1 or later. As a temporary workaround, restrict user access to the installation directory.
As of now, there are no known public exploits or active campaigns targeting CVE-2024-0832, but continuous monitoring is recommended.
Refer to the official Telerik security advisory for detailed information and updates: [https://www.telerik.com/security/CVE/CVE-2024-0832](https://www.telerik.com/security/CVE/CVE-2024-0832)