Threat Intelligence / CVE / CVE-2017-11317
CVE-2017-11317
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-326
Threats tracking this CVE
- APT35 (Charming Kitten) GCC Pre-Positioning Cyber Reconnaissance Campaign Enabling Kinetic Targeting — CRITICAL
References
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006
- https://www.exploit-db.com/exploits/43874/
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006
- https://www.exploit-db.com/exploits/43874/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11317
Full detection coverage & IOCs for threats exploiting CVE-2017-11317 are available via the Threadlinqs MCP server (Purple tier). View plans →