BDU:2021-04399
PUBLISHED
CVSS 10 CRITICAL
Vulnerability in the Telerik.Web.UI.dll library of the Telerik UI for ASP.NET AJAX software and the Sitefinity web content management system that allows an attacker to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or MachineKey)
Risk Scores
CVSS 2.0
10
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telerik AD | Telerik UI, Sitefinity | |
Exploit Intelligence
- A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. (github-poc-repo)
- ictnamanh/CVE-2017-9248 (github-poc-repo)
- Exploit CVE-2017-9248 Telerik ReMix from Paul Taylor's script. Exploit Telerik latest version fixed vuln. ReMix by TinoKa & Shaco JX (github-poc-repo)
- Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler) (github-poc-repo)
- Telerik CVE-2017-9248 Vulnerability Scanner (github-poc-repo)
- Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler. (github-poc-repo)
- Telerik CVE-2017-9248 Vulnerability Scanner (github-poc)
- Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler) (github-poc)
- Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler. (github-poc)
…and 9 more exploits
Timeline
- Sep 7, 2021 CVE Published
- Nov 29, 2021 CVE Updated
References
- http://www.securityfocus.com/bid/99965 url
- http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity url
- http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness url
- https://www.exploit-db.com/exploits/43873/ url
- https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness advisory