Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt

Rule Explanation

This rule detects an attempt to upload a file to an instance of Telerik UI for ASP.NET AJAX. Multiple vulnerabilities allow for straightforward decryption and encryption of a vulnerable parameter in some versions of Telerik UI, resulting in arbitrary file uploads.

What To Look For

This rule detects an attempt to upload a file to an instance of Telerik UI for ASP.NET AJAX.

Known Usage

No public information

False Positives

Known false positives, with the described conditions

This policy rule alerts on any asynchronous file upload to Telerik UI, malicious or benign.

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2017-11317
CVE-2017-11357
CVE-2019-18935

MITRE ATT&CK Framework

Tactic: Initial Access

Technique: Exploit Public-Facing Application

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org