PT-2017-3938 · Telerik · Telerik Ui For Asp.Net Ajax
Paul Taylor
·
Published
2017-08-22
·
Updated
2025-10-07
·
CVE-2017-11317
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Telerik UI for ASP.NET AJAX versions prior to R1 2017
Telerik UI for ASP.NET AJAX R2 versions prior to R2 2017 SP2
Description
The issue is related to weak encryption in RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. This can be exploited by a remote attacker to upload files or execute code.
Recommendations
For versions prior to R1 2017, update to R1 2017 or later to resolve the issue.
For R2 versions prior to R2 2017 SP2, update to R2 2017 SP2 or later to resolve the issue.
As a temporary workaround, consider disabling the RadAsyncUpload feature until a patch is available.
Exploit
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Telerik Ui For Asp.Net Ajax