← Retour aux CVEs
CVE-2017-9248
CRITICALCISA KEV9.8
Description
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie7/3/2017
Derniere modification4/21/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurProgress
ProduitASP.NET AJAX and Sitefinity
Nom vulnerabiliteProgress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown
Produits affectes
progress:sitefinitytelerik:ui_for_asp.net_ajax
Faiblesses (CWE)
CWE-522CWE-522
References
http://www.securityfocus.com/bid/99965(cve@mitre.org)
http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity(cve@mitre.org)
https://www.exploit-db.com/exploits/43873/(cve@mitre.org)
http://www.securityfocus.com/bid/99965(af854a3a-2127-422b-91ae-364da2661108)
http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity(af854a3a-2127-422b-91ae-364da2661108)
http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43873/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9248(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.