cve-2019-18935
Vulnerability from cvelistv5
Published
2019-12-11 00:00
Modified
2025-02-04 20:04
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
References
cve@mitre.orghttp://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlExploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://codewhitesec.blogspot.com/2019/02/telerik-revisited.htmlNot Applicable
cve@mitre.orghttps://github.com/bao7uo/RAU_cryptoExploit, Third Party Advisory
cve@mitre.orghttps://github.com/noperator/CVE-2019-18935Exploit, Third Party Advisory
cve@mitre.orghttps://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-uiExploit, Third Party Advisory
cve@mitre.orghttps://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/Press/Media Coverage
cve@mitre.orghttps://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserializationPatch, Vendor Advisory
cve@mitre.orghttps://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29Release Notes
cve@mitre.orghttps://www.telerik.com/support/whats-new/release-historyRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://codewhitesec.blogspot.com/2019/02/telerik-revisited.htmlNot Applicable
af854a3a-2127-422b-91ae-364da2661108https://github.com/bao7uo/RAU_cryptoExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/noperator/CVE-2019-18935Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-uiExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserializationPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29Release Notes
af854a3a-2127-422b-91ae-364da2661108https://www.telerik.com/support/whats-new/release-historyRelease Notes, Vendor Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2022-05-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-18935

Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:02:40.029Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.telerik.com/support/whats-new/release-history",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/bao7uo/RAU_crypto",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/noperator/CVE-2019-18935",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2019-18935",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T20:02:54.779183Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2021-11-03",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-18935",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T20:04:50.416Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-03-15T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.telerik.com/support/whats-new/release-history",
            },
            {
               url: "https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html",
            },
            {
               url: "https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization",
            },
            {
               url: "https://github.com/bao7uo/RAU_crypto",
            },
            {
               url: "https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui",
            },
            {
               url: "https://github.com/noperator/CVE-2019-18935",
            },
            {
               url: "http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html",
            },
            {
               url: "https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29",
            },
            {
               url: "http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html",
            },
            {
               url: "https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18935",
      datePublished: "2019-12-11T00:00:00.000Z",
      dateReserved: "2019-11-13T00:00:00.000Z",
      dateUpdated: "2025-02-04T20:04:50.416Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      cisa_known_exploited: {
         cveID: "CVE-2019-18935",
         cwes: "[\"CWE-502\"]",
         dateAdded: "2021-11-03",
         dueDate: "2022-05-03",
         knownRansomwareCampaignUse: "Known",
         notes: "https://nvd.nist.gov/vuln/detail/CVE-2019-18935",
         product: "Telerik UI for ASP.NET AJAX",
         requiredAction: "Apply updates per vendor instructions.",
         shortDescription: "Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.",
         vendorProject: "Progress",
         vulnerabilityName: "Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2019-18935\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-11T13:15:11.767\",\"lastModified\":\"2025-03-14T17:38:23.560\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)\"},{\"lang\":\"es\",\"value\":\"Progress Telerik UI para ASP.NET AJAX hasta 2019.3.1023 contiene una vulnerabilidad de deserialización de .NET en la función RadAsyncUpload. Esto es explotable cuando las claves de cifrado se conocen debido a la presencia de CVE-2017-11317 o CVE-2017-11357, u otros medios. La explotación puede resultar en la ejecución remota de código. (A partir de 2020.1.114, una configuración predeterminada evita la explotación. En 2019.3.1023, pero no en versiones anteriores, una configuración no predeterminada puede evitar la explotación).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2011.1.315\",\"versionEndIncluding\":\"2020.1.114\",\"matchCriteriaId\":\"4830E2C4-2481-466D-B46F-8562D226CC41\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/bao7uo/RAU_crypto\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/noperator/CVE-2019-18935\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.telerik.com/support/whats-new/release-history\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/bao7uo/RAU_crypto\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/noperator/CVE-2019-18935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.telerik.com/support/whats-new/release-history\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.telerik.com/support/whats-new/release-history\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bao7uo/RAU_crypto\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/noperator/CVE-2019-18935\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T02:02:40.029Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-18935\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T20:02:54.779183Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-18935\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T20:02:37.712Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.telerik.com/support/whats-new/release-history\"}, {\"url\": \"https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html\"}, {\"url\": \"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization\"}, {\"url\": \"https://github.com/bao7uo/RAU_crypto\"}, {\"url\": \"https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui\"}, {\"url\": \"https://github.com/noperator/CVE-2019-18935\"}, {\"url\": \"http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html\"}, {\"url\": \"https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-%28version-2020-1-114%29\"}, {\"url\": \"http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html\"}, {\"url\": \"https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-03-15T00:00:00.000Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2019-18935\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-04T20:04:50.416Z\", \"dateReserved\": \"2019-11-13T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-12-11T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.