CVE-2018-17060 : What You Need to Know

Learn about CVE-2018-17060, a vulnerability in Telerik Extensions for ASP.NET MVC that allows unauthorized access to server files. Find mitigation steps and prevention measures here.

Telerik Extensions for ASP.NET MVC is vulnerable because it does not whitelist requests, which can allow unauthorized access to server files.

Understanding CVE-2018-17060

Telerik Extensions for ASP.NET MVC does not whitelist the requests it handles, which creates a security risk.

What is CVE-2018-17060?

No version of Telerik Extensions for ASP.NET MVC whitelists requests, which can enable unauthorized access to files within the server's web directory. The product has been considered obsolete since June 2013.

The Impact of CVE-2018-17060

        Unauthorized access to server files
        Risk of sensitive data exposure

Technical Details of CVE-2018-17060

Telerik Extensions for ASP.NET MVC does not whitelist requests, which leaves a security loophole.

Vulnerability Description

Because requests are not whitelisted, a remote attacker can access files within the server's web directory.

Affected Systems and Versions

        Product: Telerik Extensions for ASP.NET MVC
        Vendor: Telerik
        Versions: All versions

Exploitation Mechanism

The vulnerability can be exploited by sending unauthorized requests to the server, bypassing access controls.

Mitigation and Prevention

Immediate action is crucial to mitigate the risks posed by CVE-2018-17060.

Immediate Steps to Take

        Disable or remove the obsolete Telerik Extensions for ASP.NET MVC
        Implement whitelisting mechanisms to restrict access
        Regularly monitor server logs for suspicious activities
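
One way to implement the whitelisting step from the list above, as an added example (not code from Telerik or from this page): a deny-by-default check that canonicalizes the requested path and allows it only if it falls under an approved folder and has an approved extension. The class name, folder names, extensions and sample paths are assumptions; how the check is wired into the request pipeline depends on the application.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Added example: allowlist check for requests that map to files in the web directory.
public static class AssetAllowlist
{
    // Assumption: only these static asset types are ever meant to be served.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".css", ".js" };

    // Assumption: assets live only under these folders of the web root.
    private static readonly string[] AllowedFolders = { "Content", "Scripts" };

    public static bool IsAllowed(string webRoot, string requestedPath)
    {
        if (string.IsNullOrWhiteSpace(requestedPath)) return false;

        // Drop the app-relative "~" and leading separators, then canonicalize so
        // that ".." segments are resolved before any comparison is made.
        string relative = requestedPath.TrimStart('~').TrimStart('/', '\\');
        string full;
        try { full = Path.GetFullPath(Path.Combine(webRoot, relative)); }
        catch (Exception) { return false; } // malformed path: deny by default

        if (!AllowedExtensions.Contains(Path.GetExtension(full))) return false;

        foreach (string folder in AllowedFolders)
        {
            string prefix = Path.GetFullPath(Path.Combine(webRoot, folder))
                            + Path.DirectorySeparatorChar;
            if (full.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) return true;
        }
        return false; // anything not explicitly allowed is refused
    }

    public static void Main()
    {
        // Constructed sample inputs; the web root below is a placeholder.
        string root = Path.Combine(Path.GetTempPath(), "sample-webroot");
        string[] samples = {
            "~/Content/site.css", "~/Scripts/app.js", "~/web.config",
            "~/Content/../web.config", "~/App_Data/site.mdf", "~/Content/notes.txt"
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-26} {1}", s, IsAllowed(root, s) ? "allow" : "deny");
    }
}
```

Requests the check refuses are also worth logging, since they feed the log monitoring step in the same list.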

Long-Term Security Practices

        Keep software up to date with the latest security patches
        Conduct regular security audits and penetration testing

Patching and Updates

        Check for any available patches or updates from Telerik
        Apply security updates promptly to address vulnerabilities
