Detections
Analytics

CVE-2019-18935

critical

Description

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)

References

https://medium.com/@nilayp799/reverse-engineering-sitecore-vulnerabilities-3-ba8a99563ca4?source=rss------vulnerability-5

https://medium.com/@nilayp799/reverse-engineering-sitecore-vulnerabilities-3-ba8a99563ca4?source=rss------hacking-5

https://medium.com/@nilayp799/reverse-engineering-sitecore-vulnerabilities-3-ba8a99563ca4?source=rss------bug_bounty-5

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a

https://www.cybereason.com/blog/research/cybereason-vs.-netwalker-ransomware

https://www.tenable.com/blog/government-agencies-warn-of-state-sponsored-actors-exploiting-publicly-known-vulnerabilities

https://www.tenable.com/blog/government-agencies-warn-of-state-sponsored-actors-exploiting-publicly-known-vulnerabilities

https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

https://www.telerik.com/support/whats-new/release-history

https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29

https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization

https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/

https://github.com/noperator/CVE-2019-18935

https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html

http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html

http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2019-12-11

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical