Aperçu
Progress Telerik UI for ASP.NET AJAX contains a weak encryption vulnerability in the RadAsyncUpload component that allows remote attackers to perform arbitrary file uploads and execute arbitrary code. The vulnerability stems from improper encryption implementation in the async upload handling mechanism. La vulnérabilité a été divulguée le August 23, 2017. CISA a identifié CVE-2017-11317 comme étant exploitée mais n'est pas actuellement connue pour être utilisée dans des campagnes de rançongiciel.
Détails techniques
The RadAsyncUpload component in Telerik UI for ASP.NET AJAX uses weak encryption for handling file uploads, allowing attackers to bypass security controls. The vulnerability allows remote attackers to upload arbitrary files to the server or execute arbitrary code by crafting malicious requests that exploit the weak encryption scheme used to validate and process uploaded files.
La vulnérabilité est classifiée comme CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) etCWE-434 (Unrestricted Upload of File with Dangerous Type) .
La vulnérabilité a reçu un score de base CVSS v3.1 de 9.8 (CRITICAL) avec la chaîne vectorielle CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indiquant sa nature critical.
Impact
An unauthenticated remote attacker can upload arbitrary files to the web server, potentially leading to remote code execution. This could allow attackers to compromise the entire application and underlying server, steal sensitive data, modify application logic, or launch further attacks on the infrastructure.
Mitigation et contournements
Progress Software released patches through the following versions: Update to R1 2017 SP1 or later for the R1 branch, or update to R2 2017 SP2 or later for the R2 branch. Patches are available through the Telerik UI for ASP.NET AJAX NuGet package or direct download from the Progress Software portal. Les versions suivantes incluent les correctifs nécessaires : R1 2017 SP1, R2 2017 SP2.
Comme contournements temporaires : disable the radasyncupload component if not in use, or restrict access to pages using radasyncupload through ip whitelisting or authentication mechanisms.; implement web application firewall (waf) rules to detect and block suspicious radasyncupload requests with unusual parameters or patterns., et implement file upload validation at the application level, including strict file type checking, file size limits, and scanning uploaded files with antivirus/malware detection tools..
Recommandation de CISA : Apply updates per vendor instructions.
Ressources additionnelles
Source : Ce rapport a été généré par IA
