Remote code execution in Progress Telerik UI for ASP.NET AJAX

Published: 2017-12-19 13:19:16
Severity High
Patch available YES
Number of vulnerabilities 2
CVSSv2 7.4 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3 8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2017-11317
CVE-2017-11357
CWE ID CWE-264
Exploitation vector Network
Public exploit Not available
Vulnerable software UI for ASP.NET AJAX
Vulnerable software versions UI for ASP.NET AJAX 2017.2.621
UI for ASP.NET AJAX 2017.2.503
UI for ASP.NET AJAX 2016.3.1027
Vendor URL Progress Telerik
Advisory type Public

Security Advisory

1) Improper security restrictions

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX because the RadAsyncUpload control relies on a weak encryption mechanism to protect its data. A remote attacker can upload arbitrary files and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 2017.1.118 or 2017.2.711.

External links

https://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload

2) Improper security restrictions

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX because the RadAsyncUpload control uses user-supplied input as-is, without validation. A remote attacker can upload arbitrary files and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 2017.2.711.

External links

https://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-ref...
