CVE-2017-9248
Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
CVSS
—
No CVSS
EPSS
75.1%
p99
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Progress / ASP.NET AJAX and Sitefinity
Vulnerability
Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-9248
No related CVEs by CWE or product.