← Zuruck zu CVEs
CVE-2017-11317
CRITICALCISA KEV9.8
Beschreibung
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/23/2017
Zuletzt geandert10/22/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerTelerik
ProduktUser Interface (UI) for ASP.NET AJAX
SchwachstellennameTelerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability
KEV Aufnahmedatum2022-04-11
Behebungsfrist2022-05-02
Ransomware-NutzungUnknown
Betroffene Produkte
telerik:ui_for_asp.net_ajax
Schwachen (CWE)
CWE-326CWE-326
Referenzen
http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html(cve@mitre.org)
http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload(cve@mitre.org)
https://www.exploit-db.com/exploits/43874/(cve@mitre.org)
http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload(af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43874/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11317(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.