CVE-2017-11317
PUBLISHED
CVSS 9.8 CRITICAL
Reported by mitre · Published August 23, 2017
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Exploit Intelligence
- Arbitrary code execution analysis based on Telerik-UI. This will be done so that the article can be read by others. The document provides an in-depth explanation of the various vectors involved with Telerik-UI for ASP.NET AJAX, as well as POST requests, the architecture of ASP.NET AJAX, (github-poc-repo)
- 0xr2r/CVE-2017-11317-auto-exploit- (github-poc-repo)
…and 50 more exploits
Timeline
- CVE Published
- May 7, 2020 PoC Published
- May 17, 2020 PoC Published
- Aug 13, 2020 PoC Published
- Oct 21, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 3, 2021 PoC Published
- Sep 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 11, 2022 CISA KEV Added
- May 20, 2022 EPSS Score
- Mar 19, 2023 EPSS Score
References
- 43874 exploit x_refsource_EXPLOIT-DB
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- x_refsource_MISC
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11317 url