Multiple Progress Telerik UI Vulnerabilities Exploited in the Wild

Read Time:2 Minute, 11 Second

FortiGuard Labs recently observed that multiple vulnerabilities (CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357) in Progress Telerik UI (User Interface) are being exploited in chain to achieve arbitrary code execution on a remote machine. On March 15th, CISA released an advisory that multiple threat actors exploited unpatched IIS servers in a U.S. federal agency.Why is this Significant?This is significant because three Progress Telerik UI vulnerabilities are being exploited in chain for arbitrary code execution. On March 15th, 2023, CISA released an advisory that multiple threat actors exploited vulnerable IIS servers in a U.S. federal agency. As such, the patches need to be applied as soon as possible.What is CVE-2019-18935?CVE-2019-18935 is a critical deserialization of untrusted data vulnerability in the RadAsyncUpload functionProgress function of Telerik UI for ASP.NET AJAX, a suite of UI components for web applications. Successful exploitation of the vulnerability allows remote attackers to perform arbitrary file uploads or execute arbitrary code when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means.The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.What is CVE-2017-11317?CVE-2017-11317 is an unrestricted file upload vulnerability in Telerik UI for ASP.NET AJAX. It leverages weakness RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.What is CVE-2017-11357?CVE-2017-11357 is an arbitrary file upload vulnerability in Telerik UI for ASP.NET AJAX components. It is an insecure direct object reference vulnerability in the RadAsyncUpload function, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code by manipulating user input.The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.Has the Vendor Released an Advisory for CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357?Yes. See the Appendix for a link to “Unrestricted File Upload in RadAsyncUpload”, “Allows JavaScriptSerializer Deserialization” and “Insecure Direct Object Reference in RadAsyncUpload”.Has the Vendor Released a Patch for the Vulnerabilities?Yes. Patches are available for all three vulnerabilities.What is the Status of Protection?FortiGuard Labs has the following IPS signature in place for CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357:Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

Multiple Progress Telerik UI Vulnerabilities Exploited in the Wild

USN-7169-5: Linux kernel (Real-time) vulnerabilities

stb-0^20241002git31707d1-4.el9

stb-0^20241002git31707d1-5.el10_0

stb-0^20241002git31707d1-4.fc40

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

Ivanti Connect Secure Zero-Day Vulnerability