← Volver a CVEs
CVE-2017-9248
CRITICALCISA KEV9.8
Descripcion
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/3/2017
Ultima modificacion4/21/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorProgress
ProductoASP.NET AJAX and Sitefinity
Nombre vulnerabilidadProgress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
Fecha inclusion KEV2021-11-03
Fecha limite remediacion2022-05-03
Uso en ransomwareUnknown
Productos afectados
progress:sitefinitytelerik:ui_for_asp.net_ajax
Debilidades (CWE)
CWE-522CWE-522
Referencias
http://www.securityfocus.com/bid/99965(cve@mitre.org)
http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity(cve@mitre.org)
https://www.exploit-db.com/exploits/43873/(cve@mitre.org)
http://www.securityfocus.com/bid/99965(af854a3a-2127-422b-91ae-364da2661108)
http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity(af854a3a-2127-422b-91ae-364da2661108)
http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43873/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9248(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.