Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server. Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.

Actions to take today to mitigate malicious cyber activity: Implement a patch management solution to ensure compliance with the latest security patches. Validate output from patch management and vulnerability scanning against running services to check for discrepancies and account for all services.

Update June 15, 2023: As of April 2023, forensic analysis conducted at an additional FCEB agency identified exploitation of CVE-2017-9248 in the agency’s IIS server by unattributed APT actors, specifically within the Telerik UI for ASP.NET AJAX DialogHandler component. This specific analysis is provided as context for existing vulnerabilities within Telerik UI for ASP.NET AJAX.