9.8

CVE-2017-11317

Warnung
Exploit
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TelerikUi For Asp.Net Ajax Version <= 2016.3.1027
TelerikUi For Asp.Net Ajax Version2017.2.503
TelerikUi For Asp.Net Ajax Version2017.2.621

11.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability

Schwachstelle

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 91.98% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://www.exploit-db.com/exploits/43874/
Third Party Advisory
Exploit
VDB Entry