CVE-2017-11317
Published: 23 August 2017
Summary
CVE-2017-11317 is a critical-severity Inadequate Encryption Strength (CWE-326) vulnerability in Telerik UI for ASP.NET AJAX. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-13 (Cryptographic Protection).
Deeper analysis
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 contains a weakness in RadAsyncUpload encryption classified under CWE-326. The component fails to apply adequate cryptographic protections to serialized data processed during asynchronous uploads, resulting in a CVSS 3.1 score of 9.8.
Remote unauthenticated attackers can supply crafted encrypted payloads over the network to bypass intended restrictions, enabling arbitrary file uploads to the server or subsequent execution of attacker-controlled code within the context of the web application.
Public references, including the vendor knowledge base article on unrestricted file upload and multiple exploit archives, indicate that the issue is resolved in the specified releases and that proof-of-concept deserialization exploits have been published.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-2951
Vulnerability details
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
- CWE(s): CWE-326
- KEV Date Added: 11 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires cryptographic protection mechanisms that would eliminate the weak RadAsyncUpload encryption (CWE-326) enabling crafted payload bypass.
Enforces access restrictions on file upload operations so that even a bypassed encryption check cannot result in arbitrary writes or code execution.
Requires validation of all input data, which would reject the malicious serialized payloads used to exploit the upload encryption weakness.