Progress Telerik UI Attack

Released: Mar 09, 2023


High Severity

Progress Vendor


Older vulnerabilities still being targeted in the wild

Versions prior to R1 2020 (2020.1.114) of Telerik User Interface (UI) for ASP.NET are susceptible to remote code execution attacks on affected web servers due to a deserialization vulnerability found in the RadAsyncUpload function. FortiGuard Labs continues to see high exploitation activity targeting these old vulnerabilities.

Common Vulnerabilities and Exposures





Background

Telerik UI for ASP.NET is a popular UI component library for ASP.NET web applications. In 2017, several vulnerabilities were discovered, potentially resulting in remote code execution. An attacker has to chain exploits for the unrestricted file upload (CVE-2017-11317, CVE-2017-11357) and insecure deserialization (CVE-2019-18935) vulnerabilities to execute arbitrary code on a remote machine. Previously, two malware campaigns were associated with the Progress Telerik UI attack: Netwalker ransomware and Blue Mockbird Monero cryptocurrency mining. CVE-2019-18935 also made it onto CISA's list of top routinely exploited vulnerabilities for the year 2020. Even though these are old vulnerabilities, attackers may still leverage them to conduct malicious activity.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


November 03, 2021: (CVE-2019-18935) Telerik UI for ASP.NET deserialization bug added to CISA known exploitation catalog
April 11, 2022: (CVE-2017-11317) Telerik UI for ASP.NET unrestricted file upload vulnerability added to CISA known exploitation catalog
January 26, 2023: (CVE-2017-11357) Telerik UI for ASP.NET insecure direct object reference vulnerability added to CISA known exploitation catalog


March 8, 2023: FortiGuard Labs research indicates high exploitation activity, with IPS detections on up to 50,000+ unique IPS devices. Admins should update to the most recent version of Telerik UI for ASP.NET AJAX (2020.1.114 or later) to mitigate the issue completely.
March 15, 2023: CISA released a cybersecurity advisory, "Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server".
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a
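
One way to check a Windows web server against the 2020.1.114 threshold given above, as an added example that is not FortiGuard or Progress code. It assumes the sites live under `C:\inetpub\wwwroot` and that the file version of `Telerik.Web.UI.dll` mirrors the Telerik release version (for example 2019.3.1023.45); the function name `Get-TelerikStatus` is hypothetical.

```powershell
# Added example: inventory Telerik.Web.UI.dll copies and compare each one
# with the first fixed release named in this alert (2020.1.114).
param(
    # Assumed default IIS content root; pass other roots as needed.
    [string[]]$WebRoot = @('C:\inetpub\wwwroot')
)

$FixedVersion = [version]'2020.1.114'

function Get-TelerikStatus {
    param([System.IO.FileInfo]$File)

    # Assumption: the DLL's file version follows the Telerik release number.
    $raw    = $File.VersionInfo.FileVersion
    $parsed = $raw -as [version]      # $null when the string is not a version

    if (-not $parsed)                  { $status = 'UNKNOWN' }
    elseif ($parsed -lt $FixedVersion) { $status = 'VULNERABLE' }
    else                               { $status = 'OK' }

    [pscustomobject]@{
        Status      = $status
        FileVersion = $raw
        Path        = $File.FullName
        LastWrite   = $File.LastWriteTime
    }
}

# Applications often ship their own copy in a bin folder, so search recursively.
$results = foreach ($root in $WebRoot) {
    Get-ChildItem -Path $root -Recurse -Filter 'Telerik.Web.UI.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-TelerikStatus -File $_ }
}

$results | Sort-Object Status, Path | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a scheduled task or deployment job flag the host.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```

Copies reported as UNKNOWN have no parseable file version and need a manual check against the vendor's release notes.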

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure

  • Decoy VM

  • AV

  • Vulnerability

  • AV (Pre-filter)

  • IPS

  • Web App Security

  • Post-execution

DETECT
  • IOC

  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.