CVE-2024-0832

EUVD-2024-16615
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
progresstelerik_reporting
𝑥
< 18.0.24.130
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
progress_softwaretelerik_reporting
𝑥
< 2024-r1
ADP
Common Weakness Enumeration
References
https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability
https://www.telerik.com/products/reporting.aspx
https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability
https://www.telerik.com/products/reporting.aspx