Cryptographic Weakness in Progress Telerik UI for ASP.NET AJAX and Sitefinity
CVE-2017-9248

9.8CRITICAL

Key Information:

Vendor: Telerik
Status: Sitefinity Cms; Ui For Asp.net Ajax
Vendor: CVE Published:; 3 July 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 85%🦅 CISA Reported

What is CVE-2017-9248?

The Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX and Sitefinity is vulnerable due to insufficient protection for the DialogParametersEncryptionKey and MachineKey. This flaw allows remote attackers to potentially compromise the cryptographic mechanisms in place. As a result, attackers may exploit this weakness to leak sensitive MachineKey data, perform arbitrary file uploads or downloads, execute cross-site scripting (XSS) attacks, or manipulate the ASP.NET ViewState, leading to severe security implications for affected applications.

CISA has reported CVE-2017-9248

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2017-9248 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-9248 - Proof of Concept

dp_crypto
Created by bao7uo

Telewreck
Created by capt-meelo