FortiGuard Labs recently observed that multiple vulnerabilities (CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357) in Progress Telerik UI (User Interface) are being exploited in a chain to achieve arbitrary code execution on a remote machine. On March 15th, CISA released an advisory that multiple threat actors exploited unpatched IIS servers in a U.S. federal agency.

Why is this Significant?

This is significant because three Progress Telerik UI vulnerabilities are being exploited in a chain for arbitrary code execution. On March 15th, 2023, CISA released an advisory that multiple threat actors exploited vulnerable IIS servers in a U.S. federal agency. As such, the patches need to be applied as soon as possible.

What is CVE-2019-18935?

CVE-2019-18935 is a critical deserialization of untrusted data vulnerability in the RadAsyncUpload function of Progress Telerik UI for ASP.NET AJAX, a suite of UI components for web applications. Successful exploitation of the vulnerability allows remote attackers to perform arbitrary file uploads or execute arbitrary code when the encryption keys are known, whether due to the presence of CVE-2017-11317 or CVE-2017-11357 or by other means.

The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.

What is CVE-2017-11317?

CVE-2017-11317 is an unrestricted file upload vulnerability in Telerik UI for ASP.NET AJAX. It leverages weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.

What is CVE-2017-11357?

CVE-2017-11357 is an arbitrary file upload vulnerability in Telerik UI for ASP.NET AJAX components. It is an insecure direct object reference vulnerability in the RadAsyncUpload function, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code by manipulating user input.

The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.

Has the Vendor Released an Advisory for CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357?

Yes. See the Appendix for links to “Unrestricted File Upload in RadAsyncUpload”, “Allows JavaScriptSerializer Deserialization” and “Insecure Direct Object Reference in RadAsyncUpload”.

Has the Vendor Released a Patch for the Vulnerabilities?

Yes. Patches are available for all three vulnerabilities.

What is the Status of Protection?

FortiGuard Labs has the following IPS signature in place for CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357:

Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload
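All three vulnerabilities share the same fixed release, R1 2020 (2020.1.114), so a first triage step is to compare the Telerik.Web.UI assembly versions deployed across IIS hosts against that threshold. The script below is an added example, not FortiGuard's or Progress's code; it assumes the Telerik "year.release.build" version format (with an optional fourth assembly-file component), and the inventory it checks is constructed sample data.

```python
# Added example (not from the FortiGuard report): triage an inventory of
# Telerik UI for ASP.NET AJAX assembly versions against the fixed release
# named in the advisory, R1 2020 (2020.1.114). Telerik versions are
# "year.release.build", optionally followed by a fourth assembly-file
# component (assumption); the inventory below is constructed sample data.
import re
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = (2020, 1, 114)   # R1 2020, per the advisory
_VERSION_RE = re.compile(r"^(\d{4})\.(\d+)\.(\d+)(?:\.\d+)?$")


def parse_telerik_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (year, release, build), or None if the string is not a Telerik version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    year, release, build = (int(g) for g in m.groups())
    return (year, release, build)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version predates R1 2020, False if patched, None if unparseable."""
    parsed = parse_telerik_version(version)
    if parsed is None:
        return None
    return parsed < FIXED_VERSION


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (host, version) pair to 'vulnerable', 'patched' or 'unknown'."""
    labels = {True: "vulnerable", False: "patched", None: "unknown"}
    return {host: labels[is_vulnerable(ver)] for host, ver in inventory}


# Constructed sample inventory: hostnames and Telerik.Web.UI assembly versions.
SAMPLE_INVENTORY = [
    ("web01.example.internal", "2019.3.1023.45"),   # pre-fix build
    ("web02.example.internal", "2020.1.114.45"),    # exactly the fixed release
    ("web03.example.internal", "2017.2.621"),       # pre-fix build
    ("web04.example.internal", "2022.3.913"),       # later release
    ("web05.example.internal", "unknown-build"),    # needs manual review
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" still need a manual check, since an unparseable version string is not evidence that the patch is present.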