Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt

Rule Explanation

This rule keys on a specific URI and parameters that would indicate a request for cryptographic keys, related to brute force attempts to exploit 2017-9248

What To Look For

This rule alerts on a brute force attempt to find the right cryptographic key

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Credential Access

Technique: Brute Force

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Details
Severity Base Score9.8
Impact Score5.9 Exploit Score3.9
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionNONE
Authentication Ease of AccessLOW
Privileges RequiredNONE