Vulnerability Details : CVE-2017-11317
Public exploit exists!
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Vulnerability category: Execute code
Products affected by CVE-2017-11317
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*:*
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.2.503:*:*:*:*:*:*:*
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.2.621:*:*:*:*:*:*:*
CVE-2017-11317 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-11317
Added on: 2022-04-11
Action due date: 2022-05-02
Exploit prediction scoring system (EPSS) score for CVE-2017-11317
EPSS score: 93.13% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities scored at or below this one)
Metasploit modules for CVE-2017-11317
- Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
  Disclosure Date: 2019-12-09
  First seen: 2020-10-20
  Module: exploit/windows/http/telerik_rau_deserialization
  This module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through t
CVSS scores for CVE-2017-11317
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-03 |
CWE ids for CVE-2017-11317
- The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2017-11317
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload
  Unrestricted File Upload - Telerik UI for ASP.NET AJAX - KB
  Tags: Mitigation; Vendor Advisory
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html
  Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization ≈ Packet Storm
  Tags: Exploit; Third Party Advisory; VDB Entry
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006
  SonicWall Security Advisory
  Tags: Third Party Advisory
- https://www.exploit-db.com/exploits/43874/
  Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
  Tags: Exploit; Third Party Advisory; VDB Entry