EDB-43874
webappsaspx
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
CVE-2017-11357CVE-2017-11317
Paul Taylor1/24/2018
CVE-2017-11317
9.8CRITICALTelerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or
Published: 8/23/2017Updated: 10/22/2025
CISA Known Exploited Vulnerability
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Required Action:
Apply updates per vendor instructions.
Due Date:
2022-05-02
Description
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
AI AnalysisPowered by AI
Affected Products
telerikui_for_asp.net_ajax
telerikui_for_asp.net_ajax
2017.2.503
telerikui_for_asp.net_ajax
2017.2.621
Available Exploits (1)
References
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadMitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006Third Party Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadMitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006Third Party Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11317