Detections
Analytics
Telerik UI for ASP.NET AJAX RadAsyncUpload .NET Deserialization Vulnerability
critical Nessus Plugin ID 135970
Language:
Synopsis
A web application development suite installed on the remote Windows host is affected by a deserialization vulnerability.Description
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)Solution
Upgrade to Telerik UI for ASP.NET AJAX version R3 2019 SP1 (2019.3.1023) or later, and enable the type whitelisting feature of RadAsyncUpload.See Also
http://www.nessus.org/u?de2ce6ef
Plugin Details
Severity: Critical
ID: 135970
File Name: telerik_ui_for_aspnet_ajax_CVE-2019-18935.nasl
Version: 1.8
Type: local
Agent: windows
Family: Windows
Published: 4/24/2020
Updated: 12/5/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2019-18935
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:telerik:ui_for_asp.net_ajax
Required KB Items: installed_sw/Telerik UI for ASP.NET AJAX
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/9/2019
Vulnerability Publication Date: 12/9/2019
CISA Known Exploited Vulnerability Due Dates: 5/3/2022
Reference Information
CVE: CVE-2019-18935
IAVA: 2020-A-0219