Details
Telerik offers a variety of products that provide functionality for web pages. In some cases, Telerik products may be installed as a third-party component of other products, and as such may be in use without the site owner being aware of it.
In 2017, a security vulnerability affecting some Telerik products was published; it could allow a malicious cyber actor to gain control over a server. This vulnerability is detailed in CVE-2017-9248, and similarly in CVE-2017-11317 and CVE-2017-11357. Vulnerable versions of Telerik are those published between 2007 and 2017.
Telerik issued a patch for these vulnerabilities in 2017; however, due to the nature of the software, the patches may need to be applied manually.
The tools to exploit this vulnerability are publicly available and require only basic knowledge or skills to use successfully. Any server currently running a vulnerable version should be considered at risk, and remediation steps should be taken.