
2019-126: Vulnerable version of Telerik UI being actively exploited by APT actor

The Australian Cyber Security Centre (ACSC) has become aware that Advanced Persistent Threat (APT) actors have been scanning for and attempting exploitation against unpatched versions of Telerik UI for ASP.NET AJAX using publicly available exploits. Successful exploitation could allow an attacker to upload files to the vulnerable server to facilitate further compromise.

Alert status
HIGH

Details

Telerik offers a variety of products that provide functionality used by web pages. In some cases, Telerik products may be installed as a third-party component of other products, and as such may be in use without the operator being aware of it.

In 2017, a security vulnerability was published affecting some Telerik products that could allow a malicious cyber actor to gain control of a server. This vulnerability is detailed in CVE-2017-9248, and similarly in CVE-2017-11317 and CVE-2017-11357. Vulnerable versions of Telerik are those published between 2007 and 2017.

Telerik issued a patch for these vulnerabilities in 2017; however, due to the nature of the software, the patches may need to be manually applied.

The tools to exploit this vulnerability have been published publicly and require only basic knowledge or skills to use successfully. Any servers currently running a vulnerable version should be considered at risk, and remediation steps should be taken.
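Because the component may be bundled without the operator knowing, the first remediation step is an inventory. The following PowerShell script is an added example (not ACSC or Telerik tooling) that locates every copy of Telerik.Web.UI.dll under the given web roots and flags those whose release year falls in the 2007-2017 range named above; it assumes Telerik's year.quarter.build version numbering and a default root of C:\inetpub\wwwroot, both of which are assumptions to adjust for your environment.

```powershell
# Added example: inventory Telerik.Web.UI.dll copies under the supplied web roots and
# flag versions released in the range the advisory names (2007-2017).
# Assumptions: Telerik uses year.quarter.build version numbers (e.g. 2016.3.914),
# and applications live under the roots passed in (default: the IIS site root).
param(
    [string[]]$Roots  = @('C:\inetpub\wwwroot'),   # assumption: default IIS site root
    [string]$Report   = '.\telerik-inventory.csv'  # where to write the findings
)

$results = foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { Write-Warning "Root not found: $root"; continue }

    Get-ChildItem -Path $root -Filter 'Telerik.Web.UI.dll' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ver  = $_.VersionInfo.FileVersion
        $year = 0
        # Leading four digits of the file version are the release year under the assumed scheme.
        if ($ver -match '^(\d{4})\.') { $year = [int]$Matches[1] }

        $status = if ($year -ge 2007 -and $year -le 2017) {
            # Inside the range named in the advisory: treat as at risk until the installed
            # build has been checked against the vendor's 2017 patch releases.
            'AT-RISK: within advisory range 2007-2017, verify patch level'
        } elseif ($year -gt 2017) {
            'Released after 2017: outside advisory range'
        } else {
            'Unknown version: inspect manually'
        }

        [pscustomobject]@{
            Host    = $env:COMPUTERNAME
            Path    = $_.FullName
            Version = $ver
            Status  = $status
        }
    }
}

$results | Export-Csv -Path $Report -NoTypeInformation
$results | Format-Table -AutoSize
```

Run it on each web server (adding any non-default application directories to -Roots) and treat every AT-RISK row as a host to patch or isolate until its build is confirmed fixed.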