What is the Vulnerability?Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability, allowing an attacker to bypass authentication and create rogue administrator users. The flaw, tracked as CVE-2024-4358, has been added to CISA’s known exploited vulnerabilities catalog (KEV) in mid-June and FortiGuard Labs continues to see attack attempts targeting this particular vulnerability.What is the recommended Mitigation?Apply mitigations as outlined in the vendor instructions: https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358 What FortiGuard Coverage is available?FortiGuard Labs has provided protection through the IPS signature “Progress.Telerik.Report.Server.Register.Authentication.Bypass” which was released in mid-June to detect and block any attack attempts targeting the vulnerability (CVE-2024-4358). The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More