1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability

Known Exploited Vulnerabilities CVE-2019-18935 Mappings

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2019-18935 Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability primary_impact T1041 Exfiltration Over C2 Channel
Comments
CVE 2019-18935 is a Insecure Deserialization vulnerability with the Telerik UI, which does not properly sanitize serialized data inputs from the user. This vulnerability leads to the application being vulnerable to RCE attacks that may lead to a full system compromise.
References
  1. https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/
  2. https://news.sophos.com/en-us/2022/06/15/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections/
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
CVE-2019-18935 Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability primary_impact T1496 Resource Hijacking
Comments
CVE 2019-18935 is a Insecure Deserialization vulnerability with the Telerik UI, which does not properly sanitize serialized data inputs from the user. This vulnerability leads to the application being vulnerable to RCE attacks that may lead to a full system compromise.
References
  1. https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/
  2. https://news.sophos.com/en-us/2022/06/15/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections/
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
CVE-2019-18935 Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability primary_impact T1505.003 Web Shell
Comments
CVE 2019-18935 is a Insecure Deserialization vulnerability with the Telerik UI, which does not properly sanitize serialized data inputs from the user. This vulnerability leads to the application being vulnerable to RCE attacks that may lead to a full system compromise.
References
  1. https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/
  2. https://news.sophos.com/en-us/2022/06/15/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections/
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
CVE-2019-18935 Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE 2019-18935 is a Insecure Deserialization vulnerability with the Telerik UI, which does not properly sanitize serialized data inputs from the user. This vulnerability leads to the application being vulnerable to RCE attacks that may lead to a full system compromise.
References
  1. https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/
  2. https://news.sophos.com/en-us/2022/06/15/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections/
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a