Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER Telerik UI cryptographic keys disclosure attempt

Rule Explanation

This rule keys on a specific URI and parameters that would indicate a request for cryptographic keys, related to brute force attempts to exploit 2017-9248

What To Look For

This event is triggered by a request for a cryptographic key

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Credential Access

Technique: Brute Force

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Details
Severity Base Score9.8
Impact Score5.9 Exploit Score3.9
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionNONE
Authentication Ease of AccessLOW
Privileges RequiredNONE