Rapid7 Vulnerability & Exploit Database

Telerik UI for ASP.NET AJAX: Improper Input Validation (CVE-2017-11357)

Back to Search

Telerik UI for ASP.NET AJAX: Improper Input Validation (CVE-2017-11357)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
08/23/2017
Created
02/15/2020
Added
02/10/2020
Modified
10/21/2020

Description

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Solution(s)

  • telerik-ui-for-asp-net-ajax-upgrade-17_2_711

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;