QwikSec

Security Database

CVE

CWE

Training

CVE-2017-9248

Published: Jul 3, 2017

Modified: Oct 21, 2025

PUBLISHED

Description

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.