Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
Progress Telerik UI para ASP.NET AJAX hasta 2019.3.1023 contiene una vulnerabilidad de deserialización de .NET en la función RadAsyncUpload. Esto es explotable cuando las claves de cifrado se conocen debido a la presencia de CVE-2017-11317 o CVE-2017-11357, u otros medios. La explotación puede resultar en la ejecución remota de código. (A partir de 2020.1.114, una configuración predeterminada evita la explotación. En 2019.3.1023, pero no en versiones anteriores, una configuración no predeterminada puede evitar la explotación).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:L/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-502
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-502
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| telerik | ui_for_asp.net_ajax | * | <built-in method update of dict object at 0x72a9ccd2b580> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*:* |