Critical severity9.8CISA KEVNVD Advisory· Published Aug 23, 2017· Updated Jun 17, 2026

CVE-2017-11317

Description

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Telerik/Ui For Asp.net Ajax4 versions
cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*:*range: <=2016.3.1027
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.2.503:*:*:*:*:*:*:*
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.2.621:*:*:*:*:*:*:*
- (no CPE)range: < R1 2017 and R2 before R2 2017 SP2
Progress (organisation)/Telerik Ui For Asp.net Ajaxllm-fuzzy
Range: < R1 2017 and R2 before R2 2017 SP2

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/43874/nvdExploitThird Party AdvisoryVDB Entry
www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadnvdMitigationVendor Advisory
psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006nvdThird Party Advisory
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.067
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000