CVE-2019-18935
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2019-18935 is a deserialization vulnerability affecting Progress Telerik UI for ASP.NET AJAX up to version 2019.3.1023. The weakness is in the RadAsyncUpload function and can lead to remote code execution if an attacker can supply malicious data and knows the encryption keys. Keys may become known through CVE-2017-11317 or CVE-2017-11357, or by other means. As of 2020.1.114, a default setting mitigates this risk. In version 2019.3.1023, an additional setting can provide an extra layer of protection against exploitation; earlier versions do not have this option.
Affected Products
- Telerik UI for ASP.NET AJAX
Affected Vendors
- Telerik