CVE-2017-11357

Warning

Exploit

EPSS 93.42%
Published 23.08.2017 17:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Affected products Warnungen 1 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Telerik ≫ Ui For Asp.Net Ajax Version < 2020.1.114

26.01.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability

Vulnerability

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.42%	0.998

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.exploit-db.com/exploits/43874/

Third Party Advisory

Exploit

VDB Entry

http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-11357

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-11357

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-11357

EUVD