← Voltar para CVEs
CVE-2017-9248
CRITICALCISA KEV9.8
Descricao
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado7/3/2017
Ultima modificacao4/21/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorProgress
ProdutoASP.NET AJAX and Sitefinity
Nome da vulnerabilidadeProgress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
Data inclusao KEV2021-11-03
Prazo de remediacao2022-05-03
Uso em ransomwareUnknown
Produtos afetados
progress:sitefinitytelerik:ui_for_asp.net_ajax
Fraquezas (CWE)
CWE-522CWE-522
Referencias
http://www.securityfocus.com/bid/99965(cve@mitre.org)
http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity(cve@mitre.org)
https://www.exploit-db.com/exploits/43873/(cve@mitre.org)
http://www.securityfocus.com/bid/99965(af854a3a-2127-422b-91ae-364da2661108)
http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity(af854a3a-2127-422b-91ae-364da2661108)
http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43873/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9248(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.