← Zuruck zu CVEs
CVE-2017-11357
CRITICALCISA KEV9.8
Beschreibung
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/23/2017
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerTelerik
ProduktUser Interface (UI) for ASP.NET AJAX
SchwachstellennameTelerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
KEV Aufnahmedatum2023-01-26
Behebungsfrist2023-02-16
Ransomware-NutzungKnown
Betroffene Produkte
progress:telerik_ui_for_asp.net_ajax
Schwachen (CWE)
CWE-434CWE-434
Referenzen
http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference(cve@mitre.org)
https://www.exploit-db.com/exploits/43874/(cve@mitre.org)
http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43874/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11357(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.