PT-2017-3938 · Telerik · Telerik Ui For Asp.Net Ajax

Paul Taylor

Publicado

2017-08-22

Atualizado

2025-10-07

CVE-2017-11317

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Telerik UI for ASP.NET AJAX versions prior to R1 2017 Telerik UI for ASP.NET AJAX R2 versions prior to R2 2017 SP2

Description The issue is related to weak encryption in RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. This can be exploited by a remote attacker to upload files or execute code.

Recommendations For versions prior to R1 2017, update to R1 2017 or later to resolve the issue. For R2 versions prior to R2 2017 SP2, update to R2 2017 SP2 or later to resolve the issue. As a temporary workaround, consider disabling the RadAsyncUpload feature until a patch is available.

Exploit

Correção

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

BDU:2020-02117

CVE-2017-11317

Produtos afetados

Telerik Ui For Asp.Net Ajax

PT-2017-3938 · Telerik · Telerik Ui For Asp.Net Ajax

CVE-2017-11317

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25