CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2017-11357

CVSS 9.8v3.1pub. 2017-08-23upd. 2026-04-22

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Progress Telerik Ui For Asp.net Ajax

    APP
    Progress
    < 2020.1.114

CISA KEV — detailsi

Vendori
Telerik
Producti
User Interface (UI) for ASP.NET AJAX
Added to KEVi
January 26, 2023
Remediation deadline (US Federal)i
February 16, 2023(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 16 lutego 2023
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2021-28141CRITICAL9.8ten sam produkt

An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to M...

CVE-2019-19790CRITICAL9.8ten sam produkt

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image...

CVE-2026-6022HIGH7.5ten sam produkt

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consum...

CVE-2026-6023HIGH8.1ten sam produkt

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable...

CVE-2025-3600HIGH7.5ten sam produkt

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exist...