VDB
CVE-2017-11357
CVE-2017-11357
PUBLISHED
CVSS 9.8 CRITICAL
Reported by mitre · Published August 23, 2017
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Exploit Intelligence
- Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) (github-poc-repo)
- Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) (github-poc-repo)
- Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) (github-poc-repo)
- Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) (github-poc-repo)
- https://www.exploit-db.com/exploits/43874/ (nist-nvd)
- The insecure deserialization of JSON objects in Telerik UI for ASP.NET results in arbitrary remote code execution. An attacker can break the RadAsyncUpload encryption (or have prior knowledge of your custom encryption keys) and stage a malicious request. Affects: v2011.1.315 - 2017.2.621 without keys v2011.1.315 - 2020.1.114 with encryption keys Big Ups: Markus Wulftange (@mwulftange) && Paul Taylor (@bao7uo) Ref: https://github.com/noperator/CVE-2019-18935 See: https://github.com/bao7uo/RAU_... (nmap-nse)
- The insecure deserialization of JSON objects in Telerik UI for ASP.NET results in arbitrary remote code execution. An attacker can break the RadAsyncUpload encryption (or have prior knowledge of your custom encryption keys) and stage a malicious request. Affects: v2011.1.315 - 2017.2.621 without keys v2011.1.315 - 2020.1.114 with encryption keys Big Ups: Markus Wulftange (@mwulftange) && Paul Taylor (@bao7uo) Ref: https://github.com/noperator/CVE-2019-18935 See: https://github.com/bao7uo/RAU_... (nmap-nse)
- The insecure deserialization of JSON objects in Telerik UI for ASP.NET results in arbitrary remote code execution. An attacker can break the RadAsyncUpload encryption (or have prior knowledge of your custom encryption keys) and stage a malicious request. Affects: v2011.1.315 - 2017.2.621 without keys v2011.1.315 - 2020.1.114 with encryption keys Big Ups: Markus Wulftange (@mwulftange) && Paul Taylor (@bao7uo) Ref: https://github.com/noperator/CVE-2019-18935 See: https://github.com/bao7uo/RAU_... (nmap-nse)
- kev.json (github-poc)
- kev.json (github-poc)
…and 4 more exploits
Timeline
- Aug 23, 2017 CVE Published
- May 17, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 26, 2023 CISA KEV Added
- Feb 9, 2023 EPSS Score
References
- 43874 exploitx_refsource_EXPLOIT-DB
- x_refsource_CONFIRM
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11357 url