virus logo FortiClient Vulnerability

Telerik UI For ASP NET AJAX CVE-2019-18935 Code Injection Vulnerability

description-logoDescription

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)

description-logoOutbreak Alert

Versions prior to R1 2020 (2020.1.114) are susceptible to remote code execution attacks on affected web servers of Telerik User Interface (UI) for ASP-NET due to a deserialization vulnerability found in RadAsyncUpload function. FortiGuard Labs continue seeing high exploitation activity of these old vulnerabilities.

View the full Outbreak Alert Report

affected-products-logoAffected Applications

UI For ASP NET AJAX

CVE References

CVE-2019-18935

Other References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18935
ID 4128
Created Jan 26, 2022
Description
Updated		 Oct 26, 2023
Outbreak Alert Progress Telerik UI Attack
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Telerik
Patch manual
Application UI For ASP NET AJAX