Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 16, 2023

CVE-2017-11357

High
EPSS 93.8% | CISA KEV | Ransomware
Telerik/User Interface (UI) for ASP.NET AJAX

Description

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.

EPSS — Exploit Probability

93.8%

Higher than 99.9% of all CVEs

Required Action

https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference
https://nvd.nist.gov/vuln/detail/CVE-2017-11357

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity: High
EPSS: 93.8%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published: Jan 26, 2023
Added to KEV: Jan 26, 2023
Remediation Due: Feb 16, 2023

Affected Product

Telerik

User Interface (UI) for ASP.NET AJAX
