📄 Description (English)
Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability — Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
🤖 AI Executive Summary
CVE-2017-11357 is a critical insecure direct object reference (IDOR) vulnerability in Telerik UI for ASP.NET AJAX's RadAsyncUpload component that allows attackers to upload arbitrary files and potentially achieve remote code execution. This vulnerability has known exploits in the wild and has been actively exploited by threat actors, including being listed in CISA's Known Exploited Vulnerabilities catalog. With a CVSS score of 9.0, this represents an extremely high-risk vulnerability for any organization running Telerik UI components in their web applications. Despite being discovered in 2017, many organizations remain unpatched, making this a persistent threat.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 7, 2026 15:43
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations, particularly government entities using ASP.NET-based web portals and e-services platforms which commonly deploy Telerik UI components. Saudi banking sector (SAMA-regulated) institutions with customer-facing web applications built on ASP.NET are at high risk of remote code execution. Government agencies under NCA oversight, including e-government portals (Absher, Tawakkalna-related services), healthcare systems (MOH portals), and educational institutions frequently use Telerik components. Energy sector organizations including ARAMCO and utility companies with internal web applications are also potentially affected. Telecom operators (STC, Mobily, Zain) with self-service portals may be vulnerable. The active exploitation of this vulnerability makes it particularly dangerous for Saudi critical infrastructure.
🏢 Affected Saudi Sectors
Government
Banking
Healthcare
Energy
Telecommunications
Education
Retail
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Telerik UI for ASP.NET AJAX across your environment using asset discovery tools
2. Immediately update Telerik UI to version R2 2017 SP1 (2017.2.621) or later — this is the minimum patched version
3. If immediate patching is not possible, restrict access to the RadAsyncUpload handler by blocking requests to Telerik.Web.UI.WebResource.axd and AsyncUpload handlers at the WAF/reverse proxy level
PATCHING GUIDANCE:
- Apply the latest Telerik UI for ASP.NET AJAX version available from Progress/Telerik
- Ensure encryption keys in web.config are changed from default values (ConfigurationEncryptionKey, MachineKey)
- Set custom encryption keys for RadAsyncUpload in web.config
COMPENSATING CONTROLS:
- Deploy WAF rules to block malicious file upload attempts targeting Telerik handlers
- Implement network segmentation to limit web server access to backend systems
- Monitor for suspicious file uploads and web shell indicators
- Restrict file upload directories with strict permissions
DETECTION RULES:
- Monitor IIS logs for requests to Telerik.Web.UI.WebResource.axd with suspicious parameters
- Alert on new .aspx, .ashx, .asmx files created in web application directories
- Hunt for web shells in Telerik temporary upload directories
- Monitor for unusual process execution from IIS worker processes (w3wp.exe)
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع حالات Telerik UI لـ ASP.NET AJAX عبر بيئتكم باستخدام أدوات اكتشاف الأصول
2. التحديث الفوري لـ Telerik UI إلى الإصدار R2 2017 SP1 (2017.2.621) أو أحدث — هذا هو الحد الأدنى للإصدار المصحح
3. إذا لم يكن التحديث الفوري ممكناً، قيّدوا الوصول إلى معالج RadAsyncUpload بحظر الطلبات إلى Telerik.Web.UI.WebResource.axd ومعالجات AsyncUpload على مستوى جدار حماية التطبيقات
إرشادات التصحيح:
- تطبيق أحدث إصدار متاح من Telerik UI لـ ASP.NET AJAX من Progress/Telerik
- التأكد من تغيير مفاتيح التشفير في web.config من القيم الافتراضية
- تعيين مفاتيح تشفير مخصصة لـ RadAsyncUpload في web.config
الضوابط التعويضية:
- نشر قواعد جدار حماية التطبيقات لحظر محاولات رفع الملفات الضارة
- تطبيق تجزئة الشبكة للحد من وصول خادم الويب إلى الأنظمة الخلفية
- مراقبة عمليات رفع الملفات المشبوهة ومؤشرات قذائف الويب
- تقييد أذونات مجلدات رفع الملفات
قواعد الكشف:
- مراقبة سجلات IIS للطلبات المشبوهة إلى معالجات Telerik
- التنبيه عند إنشاء ملفات .aspx أو .ashx جديدة في مجلدات التطبيق
- البحث عن قذائف الويب في مجلدات الرفع المؤقتة لـ Telerik
- مراقبة تنفيذ العمليات غير المعتادة من عمليات IIS
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC-2:3-1 (Vulnerability Management)
ECC-2:3-2 (Patch Management)
ECC-2:5-1 (Web Application Security)
ECC-2:2-4 (Secure Configuration)
🔵 SAMA CSF
3.3.3 (Patch Management)
3.3.5 (Vulnerability Management)
3.4.1 (Application Security)
3.3.7 (Security Monitoring)
🟡 ISO 27001:2022
A.8.8 (Management of Technical Vulnerabilities)
A.8.9 (Configuration Management)
A.8.28 (Secure Coding)
A.8.16 (Monitoring Activities)
🟣 PCI DSS v4.0
6.3.3 (Patching Security Vulnerabilities)
6.4 (Web Application Security)
6.2 (System Components Security Patches)
11.3 (Penetration Testing)
🔗 References & Sources 0
No references.
📦 Affected Products / CPE 1 entries
Telerik:User Interface (UI) for ASP.NET AJAX