Telerik UI for ASP.NET AJAX Known Vulnerability - 20230127002

Overview

Telerik UI for ASP.NET AJAX before R1 2020 (version 2020.1.114) contains an insecure direct object reference vulnerability and does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform file uploads in a limited location and/or execute remote arbitrary code.

What is the vulnerability?

CVE-2017-11357 - CVSS v3 Base Score: 9.8 - CRITICAL

What is vulnerable?

The vulnerability exists in the UI for ASP.NET AJAX on the following products:

What has been observed?

CISA has listed this vulnerability in their Known Exploited Vulnerabilities catalog.

Recommendation

Due to the report of active exploitation and the CRITICAL severity CVSSv3 Score, it is strongly recommended to patch this vulnerability within 2 weeks across all affected platforms as per vendor instructions: https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference
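
Before and after patching, a quick inventory of which IIS sites still ship an affected Telerik.Web.UI.dll helps confirm coverage. The script below is an added example, not part of this advisory or the vendor's guidance; it assumes a Windows web server with the IIS WebAdministration module, an elevated session, and uses the 2020.1.114 (R1 2020) threshold stated above.

```powershell
# Added example (not from the advisory or the vendor): list Telerik.Web.UI.dll
# copies under each IIS site root and flag any whose release is older than
# 2020.1.114 (R1 2020), the fixed version named in the advisory.
# Assumes: IIS WebAdministration module available, run elevated on the server.
Import-Module WebAdministration -ErrorAction Stop

# Threshold taken from the advisory text.
$FixedVersion = [version]'2020.1.114'

function Test-TelerikVersionAffected {
    param([Parameter(Mandatory)][string]$FileVersion)
    # FileVersion strings look like "2019.3.1023.45"; only the first three
    # components identify the Telerik release, so compare on those.
    $release = [version](($FileVersion.Split('.')[0..2]) -join '.')
    return $release -lt $FixedVersion
}

$results = foreach ($site in Get-Website) {
    # physicalPath may contain %SystemDrive%-style variables.
    $root = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
    if (-not (Test-Path $root)) { continue }

    Get-ChildItem -Path $root -Recurse -Filter 'Telerik.Web.UI.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $fv = $_.VersionInfo.FileVersion
            $affected = if ($fv) { Test-TelerikVersionAffected $fv } else { 'unknown' }
            [pscustomobject]@{
                Site     = $site.Name
                Path     = $_.FullName
                Version  = $fv
                Affected = $affected
            }
        }
}

# Affected copies first; an empty table means no Telerik.Web.UI.dll was found
# under any site root (check non-IIS hosts and GAC deployments separately).
$results | Sort-Object Affected -Descending | Format-Table -AutoSize
```

Treat "unknown" rows (no embedded version resource) as affected until verified by other means.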

Additional References