Vulnerability Description
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progress | Telerik Ui For Asp.Net Ajax | < 2020.1.114 |
Related Weaknesses (CWE)
References
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecurMitigationVendor Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecurMitigationVendor Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-US Government Resource
FAQ
What is CVE-2017-11357?
CVE-2017-11357 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary co...
How severe is CVE-2017-11357?
CVE-2017-11357 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-11357?
Check the references section above for vendor advisories and patch information. Affected products include: Progress Telerik Ui For Asp.Net Ajax.