ID:6283 - Exploit for Improper security restrictions in UI for ASP.NET AJAX - CVE-2017-11317

 

Published: June 17, 2021


Vulnerability identifier: #VU9684
Vulnerability risk: High
CVE-ID: CVE-2017-11317
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
UI for ASP.NET AJAX


Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX because the RadAsyncUpload control uses a weak encryption mechanism to protect its data. A remote attacker can upload arbitrary files and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Update to version 2017.1.118 and 2017.2.711.