CVE-2019-18935: Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
First published: Wed Dec 11 2019(Updated: )
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Telerik UI for ASP.NET AJAX | >=2011.1.315<2019.3.1023 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html
- https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html
- https://github.com/bao7uo/RAU_crypto
- https://github.com/noperator/CVE-2019-18935
- https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
- https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/
- https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization
- https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-(version-2020-1-114)
- https://www.telerik.com/support/whats-new/release-history
Frequently Asked Questions
What is CVE-2019-18935?
CVE-2019-18935 is a vulnerability in Progress Telerik UI for ASP.NET AJAX that allows for the deserialization of untrusted data.
How severe is CVE-2019-18935?
CVE-2019-18935 has a severity rating of 9.8, which is considered critical.
What software is affected by CVE-2019-18935?
Progress Telerik UI for ASP.NET AJAX versions between 2011.1.315 and 2019.3.1023 are affected by CVE-2019-18935.
How can CVE-2019-18935 be exploited?
CVE-2019-18935 can be exploited when the encryption keys are known or through other means, which can result in remote code execution.
Are there any resources for further information about CVE-2019-18935?
Yes, you can find more information about CVE-2019-18935 at the following references: [link1](http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html), [link2](http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html), [link3](https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/progress
- canonical/progress telerik ui for asp.net ajax
- vendor/telerik
- canonical/telerik ui for asp.net ajax
- version/telerik ui for asp.net ajax/2011.1.315