Progress Telerik UI Attack
Released: Mar 09, 2023
Older vulnerabilities still being targeted in the wild.
Telerik User Interface (UI) for ASP.NET does not properly filter serialized input for malicious content. Versions prior to R1 2020 (2020.1.114) are susceptible to remote code execution attacks on affected web servers due to a deserialization vulnerability. FortiGuard Labs continues to see high exploitation activity, with attackers attempting to exploit Telerik UI vulnerabilities.
Background
Telerik UI for ASP.NET is a popular UI component library for ASP.NET web applications. In 2017, several vulnerabilities were discovered, potentially resulting in remote code execution. An attacker has to chain exploits for the unrestricted file upload (CVE-2017-11317, CVE-2017-11357) and insecure deserialization (CVE-2019-18935) vulnerabilities to execute arbitrary code on a remote machine. Two malware campaigns are associated with the Progress Telerik UI Attack: Netwalker Ransomware and Blue Mockingbird Monero cryptocurrency mining. CVE-2019-18935 also made it onto CISA's list of top routinely exploited vulnerabilities for the year 2020: https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
Threat Radar Overall Score: 4.4
CVSS Rating | 9.0
Reconnaissance Score | 92/100
KEV Catalog | Yes
EPSS | 95%
FortiGuard Telemetry | 73399 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
November 03, 2021: (CVE-2019-18935) Telerik UI for ASP.NET Deserialization Bug added to CISA known exploitation list
April 11, 2022: (CVE-2017-11317) Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability added to CISA known exploitation list
January 26, 2023: (CVE-2017-11357) Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability added to CISA known exploitation list
March 8, 2023: FortiGuard Labs research indicates high exploitation activity, with IPS detections on more than 50,000 unique IPS devices. Admins should update to the most recent version of Telerik UI for ASP.NET AJAX (2020.1.114 or later) to mitigate the issue completely.
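To act on that advice, the following PowerShell script (an added example, not FortiGuard or Progress code) inventories copies of the Telerik.Web.UI.dll assembly under one or more web roots and flags any whose file version is below 2020.1.114. The default root `C:\inetpub\wwwroot` and the helper name `Test-TelerikBuild` are assumptions; pass your own site directories.

```powershell
# Added example: find Telerik.Web.UI.dll copies and flag builds older than
# the fixed release named in this alert (2020.1.114).
param(
    # Assumption: default IIS content root; supply your own site roots.
    [string[]]$WebRoot = @('C:\inetpub\wwwroot')
)

$FixedVersion = [version]'2020.1.114'

# Hypothetical helper: true when a build predates the fixed release.
function Test-TelerikBuild {
    param([version]$FileVersion)
    return $FileVersion -lt $FixedVersion
}

$results = foreach ($root in $WebRoot) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Path not found: $root"
        continue
    }
    # Applications usually ship their own copy in a bin folder, so search recursively.
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter 'Telerik.Web.UI.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Build the version from numeric parts; the FileVersion string can
            # carry separators that a [version] cast would reject.
            $vi  = $_.VersionInfo
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                Path          = $_.FullName
                FileVersion   = $ver
                NeedsUpdate   = Test-TelerikBuild $ver
                LastWriteTime = $_.LastWriteTime
            }
        }
}

# List the copies that still need the update first.
$results | Sort-Object NeedsUpdate -Descending | Format-Table -AutoSize
```

Every row with `NeedsUpdate` set to `True` is a copy that predates 2020.1.114 and should be upgraded with its application.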
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
AV: Detects and blocks malware related to Progress Telerik UI Attack (CVE-2019-18935, CVE-2017-11317, CVE-2017-11357)
Vulnerability: Detects vulnerable Telerik UI for ASP.NET AJAX
AV (Pre-filter): Detects and blocks malware related to Progress Telerik UI Attack (CVE-2019-18935, CVE-2017-11317, CVE-2017-11357)
IPS: Detects and blocks Progress Telerik UI Attack (CVE-2019-18935, CVE-2017-11317, CVE-2017-11357)
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
FortiRecon: ACI
Automated Response: Services that can automatically respond to this outbreak.
FortiClient Forensics
InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal & external attack vectors, including those introduced internally via software supply chain.