Vulnerability Description
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telerik | Ui For Asp.Net Ajax | <= 2016.3.1027 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUploExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestrMitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006Third Party Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUploExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestrMitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006Third Party Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-US Government Resource
FAQ
What is CVE-2017-11317?
CVE-2017-11317 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or ...
How severe is CVE-2017-11317?
CVE-2017-11317 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-11317?
Check the references section above for vendor advisories and patch information. Affected products include: Telerik Ui For Asp.Net Ajax.