SB2017121901 - Remote code execution in Progress Telerik UI for ASP.NET AJAX

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper security restrictions (CVE-ID: CVE-2017-11317)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX due to weak RadAsyncUpload control encryption mechanism for data encryption. A remote attacker can upload arbitrary files and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Improper security restrictions (CVE-ID: CVE-2017-11357)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX due to use of user-supplied input by RadAsyncUpload without modification or validation. A remote attacker can upload arbitrary files and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• https://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload
• https://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-ref...