How severe is CVE-2017-11357?

CVE-2017-11357 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2017-11357

Name: ui_for_asp.net_ajax
Author: telerik

9.8CRITICAL

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary co

게시됨: 8/23/2017업데이트됨: 10/22/2025

CISA 알려진 악용 취약점

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.

필요한 조치:

Apply updates per vendor instructions.

마감일:

2023-02-16

알려진 랜섬웨어 사용

설명

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

AI 분석AI 기반

영향받는 제품

telerikui_for_asp.net_ajax

CISA 알려진 악용 취약점

설명

AI 분석AI 기반

영향받는 제품

사용 가능한 익스플로잇 (1)

Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload

참조