Vulnerability Details CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.853
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.
Ransomware Campaign
Unknown
References
- http://www.securityfocus.com/bid/99965
- http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity
- http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness
- https://www.exploit-db.com/exploits/43873/
- http://www.securityfocus.com/bid/99965
- http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity
- http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness
- https://www.exploit-db.com/exploits/43873/
Products affected by CVE-2017-9248
-
cpe:2.3:a:progress:sitefinity:-
-
cpe:2.3:a:progress:sitefinity:10.0
-
cpe:2.3:a:progress:sitefinity:4.0
-
cpe:2.3:a:progress:sitefinity:5.1
-
cpe:2.3:a:progress:sitefinity:5.2
-
cpe:2.3:a:progress:sitefinity:5.3
-
cpe:2.3:a:progress:sitefinity:5.4
-
cpe:2.3:a:progress:sitefinity:6.0
-
cpe:2.3:a:progress:sitefinity:6.1
-
cpe:2.3:a:progress:sitefinity:6.2
-
cpe:2.3:a:progress:sitefinity:6.3
-
cpe:2.3:a:progress:sitefinity:7.0
-
cpe:2.3:a:progress:sitefinity:7.0.5143
-
cpe:2.3:a:progress:sitefinity:7.1
-
cpe:2.3:a:progress:sitefinity:7.1.5243
-
cpe:2.3:a:progress:sitefinity:7.2
-
cpe:2.3:a:progress:sitefinity:7.2.5353
-
cpe:2.3:a:progress:sitefinity:7.3
-
cpe:2.3:a:progress:sitefinity:7.3.5693
-
cpe:2.3:a:progress:sitefinity:8.0
-
cpe:2.3:a:progress:sitefinity:8.0.5773
-
cpe:2.3:a:progress:sitefinity:8.1
-
cpe:2.3:a:progress:sitefinity:8.1.5863
-
cpe:2.3:a:progress:sitefinity:8.2
-
cpe:2.3:a:progress:sitefinity:8.2.5973
-
cpe:2.3:a:progress:sitefinity:9.0
-
cpe:2.3:a:progress:sitefinity:9.0.6063
-
cpe:2.3:a:progress:sitefinity:9.1
-
cpe:2.3:a:progress:sitefinity:9.1.6180
-
cpe:2.3:a:progress:sitefinity:9.1.6183
-
cpe:2.3:a:progress:sitefinity:9.1.6185
-
cpe:2.3:a:progress:sitefinity:9.2
-
cpe:2.3:a:progress:sitefinity:9.2.6274
-
cpe:2.3:a:progress:sitefinity:9.2.6276
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:-
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2011.1.315
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2011.1315
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2011.1413
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2011.1519
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2011.2712
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2011.2915
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2011.3.1305
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2011.31115
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2012.1.215
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2012.1.411
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2012.2.607
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2012.2.724
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2012.2.912
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2012.3.1016
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2012.3.1205
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2012.3.1308
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2013.1.220
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2013.1.403
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2013.1.417
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2013.2.611
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2013.2.717
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2013.3.1015
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2013.3.1114
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2013.3.1324
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2014.1.225
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2014.1.403
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2014.2.618
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2014.2.724
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2014.3.1024
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2014.3.1209
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2015.1.204
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2015.1.225
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2015.2.604
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2015.2.623
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2015.2.729
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2015.2.826
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2015.3.1111
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2015.3.930
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2016.1.113
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2016.1.225
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2016.2.504
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2016.2.607
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2016.3.1018
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2016.3.1027
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2016.3.914
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.1.118
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.1.228
-
cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.2.503