CVE-2019-18935

high-risk
Published 2019-12-11

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)

Do I need to act?

!
93.6% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
47793
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Telerik

References (21)

Third Party Advisory http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.htm...
Exploit http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUplo...
Not Applicable https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html
Exploit https://github.com/bao7uo/RAU_crypto
Exploit https://github.com/noperator/CVE-2019-18935
Exploit https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-tele...
Press/Media Coverage https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-ol...
Patch https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializ...
Release Notes https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp...
Release Notes https://www.telerik.com/support/whats-new/release-history
Third Party Advisory http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.htm...
Exploit http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUplo...
Not Applicable https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html
Exploit https://github.com/bao7uo/RAU_crypto
Exploit https://github.com/noperator/CVE-2019-18935
Exploit https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-tele...
Press/Media Coverage https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-ol...
Patch https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializ...
Release Notes https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp...
Release Notes https://www.telerik.com/support/whats-new/release-history
and 1 more references
64
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 5/34 · Minimal