CVE-2024-0832
Privilege Elevation via Telerik Reporting Installer
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
En las versiones de Telerik Reporting anteriores a 2024 R1, se identificó una vulnerabilidad de elevación de privilegios en el componente del instalador de aplicaciones. En un entorno donde existe una instalación de Telerik Reporting, un usuario con privilegios bajos tiene la capacidad de manipular el paquete de instalación para elevar sus privilegios en el sistema operativo subyacente.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-01-23 CVE Reserved
- 2024-01-31 CVE Published
- 2024-02-10 EPSS Updated
- 2024-08-23 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
- CAPEC-233: Privilege Escalation
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.telerik.com/products/reporting.aspx | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability | 2024-02-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Progress Search vendor "Progress" | Telerik Reporting Search vendor "Progress" for product "Telerik Reporting" | < 18.0.24.130 Search vendor "Progress" for product "Telerik Reporting" and version " < 18.0.24.130" | - |
Affected
| ||||||