Severity | High
Patch available | Yes
Number of vulnerabilities | 2
CVE ID | CVE-2017-11317, CVE-2017-11357
CVSSv3 (CVE-2017-11317) | 8.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVSSv3 (CVE-2017-11357) | 8.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID | CWE-264 (Permissions, Privileges, and Access Controls)
Exploitation vector | Network
Public exploit | Not available
Vulnerable software | Progress Telerik UI for ASP.NET AJAX
Vulnerable software versions | 2017.2.621, 2017.2.503, 2016.3.1027
Vendor | Progress Telerik
1) CVE-2017-11317: weak encryption of the RadAsyncUpload configuration
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX because the RadAsyncUpload control protects its upload configuration with a weak encryption mechanism that relies on default, publicly known keys. A remote, unauthenticated attacker who can forge that configuration can direct an upload to a location of their choosing, place arbitrary files on the server and execute arbitrary code with the privileges of the web application.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2017.1.118 or 2017.2.711. Applications that cannot update immediately should at least replace the default RadAsyncUpload encryption keys with their own, as described in the vendor article linked below.
External links
https://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload
2) CVE-2017-11357: unrestricted file upload via RadAsyncUpload
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX because RadAsyncUpload uses user-supplied input without modification or validation. A remote attacker can therefore upload arbitrary files, including server-side script files, into a web-accessible directory and execute arbitrary code with the privileges of the web application.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2017.2.711.