Description

The Telerik UI component for ASP.NET AJAX is using weak encryption keys to encrypt data used by RadAsyncUpload. This may allow an attacker to upload arbitrary files, and to achieve remote code execution on the software's underlying host.

It was not confirmed that remote code execution is possible, this alert was issued based on the version of the Telerik UI component.

Remediation

Upgrade to the latest version, follow the guidance in the RadAsyncUpload Security Guide (https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security), and set all encryption keys.

References

Unrestricted File Upload

Arbitrary file write in Telerik UI for ASP.NET AJAX

RadAsyncUpload Security Guide

Telerik UI for ASP.NET AJAX Release History

Telerik RadAsyncUpload Security Documentation

Related Vulnerabilities

Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013)

Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)

WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)

node-serialize Insecure Deserialization

Apache 2.2.14 mod_isapi Dangling Pointer

Severity

High

Classification

CVE-2014-2217 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Unauthenticated File Upload Arbitrary File Creation