CVE-2017-11317

CVSS 9.8 CRITICAL · EPSS 83.5% · KEV · CWE-326
In short

Telerik UI for ASP.NET AJAX uses weak encryption in its file upload feature, allowing attackers to upload malicious files or execute code on the server without proper authentication.

Technical detail

CVE-2017-11317 is a weak-encryption flaw (CWE-326) in the RadAsyncUpload component of Telerik.Web.UI. Remote attackers can bypass security mechanisms to perform arbitrary file uploads or achieve remote code execution. The vulnerability affects Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2.

Summary generated and translated by AI from the official description.
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
