CVE-2014-2217 HIGH

Published: 2014-12-25 | Last Modified: 2026-06-17 | Status: Modified

Description

Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

Additional Descriptions (1)

Vulnerabilidad de salto en las rutas absolutas en el control RadAsyncUpload en RadControls en Telerik UI de ASP.NET AJAX anterior a Q3 2012 SP2 permite a atacantes remotos escribir en archivos arbitrarios, y consecuentemente ejecutar código arbitrario, a través del nombre de ruta completo en el valor del metadato UploadID

CVSS Metrics

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-22

Affected Products

Vendor	Product	Version	Update	Type
progress	telerik_ui_for_asp.net_ajax	*	<built-in method update of dict object at 0x72a9ccd2ab80>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax::::::::`

References

http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-net-ajax/
Source: [email protected]

Exploit
http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-net-ajax/
Source: af854a3a-2127-422b-91ae-364da2661108

Exploit