CVE-2017-11317

Warnung

Exploit

EPSS 92.24%
Veröffentlicht 23.08.2017 17:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Telerik ≫ Ui For Asp.Net Ajax Version <= 2016.3.1027

Telerik ≫ Ui For Asp.Net Ajax Version2017.2.503

Telerik ≫ Ui For Asp.Net Ajax Version2017.2.621

11.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability

Schwachstelle

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	92.24%	0.997

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html

Third Party Advisory

Exploit

VDB Entry

http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload

Vendor Advisory

Mitigation

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006

Third Party Advisory

https://www.exploit-db.com/exploits/43874/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-11317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-11317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-11317

EUVD