Critical severity9.8CISA KEVNVD Advisory· Published Aug 23, 2017· Updated Apr 21, 2026

CVE-2017-11317

Description

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Affected products

Telerik/Ui For Asp.net Ajax3 versions
cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*:*range: <=2016.3.1027
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.2.503:*:*:*:*:*:*:*
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:2017.2.621:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/43874/nvdExploitThird Party AdvisoryVDB Entry
www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadnvdMitigationVendor Advisory
psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006nvdThird Party Advisory
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.074
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000