📄 Description (English)
Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability — Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
🤖 AI Executive Summary
CVE-2017-11317 is a critical unrestricted file upload vulnerability in Telerik UI for ASP.NET AJAX that allows remote attackers to upload arbitrary files or execute arbitrary code on affected web servers. Despite being discovered in 2017, this vulnerability remains actively exploited in the wild and has been used in numerous real-world attacks against government and enterprise systems. The vulnerability carries a CVSS score of 9.0 and has known public exploits available, making it an immediate priority for any organization running Telerik UI components. CISA has included this CVE in its Known Exploited Vulnerabilities catalog, underscoring its severity.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 7, 2026 15:43
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations, particularly government entities (NCA-regulated) and banking institutions (SAMA-regulated) that commonly use ASP.NET-based web applications with Telerik UI components. Saudi government portals, e-services platforms, and internal enterprise applications built on .NET frameworks are especially at risk. The energy sector (ARAMCO and subsidiaries), telecom operators (STC, Mobily, Zain), and healthcare systems using web-based patient portals with Telerik components could face remote code execution attacks. Given that Saudi Arabia has been a frequent target of advanced threat actors, this well-known vulnerability with public exploits represents a high-value attack vector for initial access into Saudi critical infrastructure.
🏢 Affected Saudi Sectors
Government
Banking
Energy
Telecom
Healthcare
Education
Retail
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all instances of Telerik UI for ASP.NET AJAX across your environment using asset inventory and web application scanning tools
2. Immediately upgrade Telerik UI to version R2 2017 SP1 (2017.2.621) or later, which addresses this vulnerability
3. If immediate patching is not possible, implement WAF rules to block suspicious file upload requests to Telerik handlers (Telerik.Web.UI.WebResource.axd and Telerik.Web.UI.DialogHandler.aspx)
Detection Rules:
4. Monitor web server logs for requests to Telerik dialog handlers with unusual parameters
5. Deploy YARA/Sigma rules to detect webshell uploads in web-accessible directories
6. Search for indicators of compromise: unexpected .aspx, .ashx, or .asmx files in web directories
7. Implement file integrity monitoring on web application directories
Compensating Controls:
8. Restrict network access to Telerik handler endpoints using IP whitelisting
9. Ensure web application pools run with least-privilege accounts
10. Disable unused Telerik handlers in web.config
11. Implement application-level encryption keys unique to each deployment (replace default MachineKey values)
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع مثيلات Telerik UI لـ ASP.NET AJAX في بيئتكم باستخدام أدوات جرد الأصول وفحص تطبيقات الويب
2. الترقية الفورية لـ Telerik UI إلى الإصدار R2 2017 SP1 (2017.2.621) أو أحدث
3. في حال عدم إمكانية التحديث الفوري، تطبيق قواعد جدار حماية تطبيقات الويب لحظر طلبات رفع الملفات المشبوهة إلى معالجات Telerik
قواعد الكشف:
4. مراقبة سجلات خادم الويب للطلبات إلى معالجات حوار Telerik مع معلمات غير عادية
5. نشر قواعد YARA/Sigma للكشف عن رفع ملفات الويب شل في المجلدات المتاحة عبر الويب
6. البحث عن مؤشرات الاختراق: ملفات .aspx أو .ashx أو .asmx غير متوقعة في مجلدات الويب
7. تطبيق مراقبة سلامة الملفات على مجلدات تطبيقات الويب
الضوابط التعويضية:
8. تقييد الوصول الشبكي إلى نقاط نهاية معالجات Telerik باستخدام القوائم البيضاء لعناوين IP
9. التأكد من تشغيل مجمعات تطبيقات الويب بأقل الصلاحيات
10. تعطيل معالجات Telerik غير المستخدمة في web.config
11. تطبيق مفاتيح تشفير فريدة على مستوى التطبيق لكل نشر واستبدال قيم MachineKey الافتراضية
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC-2:3-1 (Vulnerability Management)
ECC-2:3-2 (Patch Management)
ECC-2:2-4 (Web Application Security)
ECC-2:5-1 (Security Monitoring)
🔵 SAMA CSF
3.3.3 (Patch Management)
3.3.5 (Vulnerability Management)
3.4.1 (Application Security)
3.4.7 (Web Application Security)
3.5.1 (Security Event Monitoring)
🟡 ISO 27001:2022
A.8.8 (Management of Technical Vulnerabilities)
A.8.9 (Configuration Management)
A.8.16 (Monitoring Activities)
A.8.28 (Secure Coding)
🟣 PCI DSS v4.0
6.3.3 (Patching Security Vulnerabilities)
6.4 (Web Application Security)
6.5.8 (Improper Access Control)
11.3 (Penetration Testing)
🔗 References & Sources 0
No references.
📦 Affected Products / CPE 1 entries
Telerik:User Interface (UI) for ASP.NET AJAX