CVE-2019-18935 is a vulnerability in Progress Telerik UI for ASP.NET AJAX up to version 2019.3.1023 that involves .NET deserialization in the RadAsyncUpload function. This vulnerability can lead to remote code execution.
Understanding CVE-2019-18935
This CVE relates to a specific vulnerability in Telerik UI for ASP.NET AJAX versions up to 2019.3.1023.
What is CVE-2019-18935?
The vulnerability in Progress Telerik UI for ASP.NET AJAX up to version 2019.3.1023 allows for .NET deserialization in the RadAsyncUpload function, potentially resulting in remote code execution.
The Impact of CVE-2019-18935
Exploitation of this vulnerability can lead to remote code execution, posing a significant security risk to affected systems.
Technical Details of CVE-2019-18935
This section provides technical details about the vulnerability.
Vulnerability Description
The vulnerability is related to .NET deserialization in the RadAsyncUpload function of Progress Telerik UI for ASP.NET AJAX up to version 2019.3.1023.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability is exploitable when the encryption keys are known, either because of the presence of other specific CVEs or through other means.
Mitigation and Prevention
Protecting systems from CVE-2019-18935 is crucial to prevent potential exploitation.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that all systems are updated with the latest patches and security fixes to address vulnerabilities like CVE-2019-18935.
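Added example (not from the original page or from Progress): a PowerShell inventory that finds copies of the Telerik.Web.UI.dll assembly under a web root and flags file versions at or below 2019.3.1023, the last affected release named above. The web root path, and the premise that the DLL's file version carries the Telerik release number, are assumptions.

```powershell
# Added example: inventory Telerik.Web.UI.dll copies and flag builds that fall
# in the affected range stated on this page (up to 2019.3.1023).
# Assumptions: sites live under $WebRoot (hypothetical default) and the DLL's
# file version resource carries the Telerik release number.
param(
    [string]$WebRoot = 'C:\inetpub\wwwroot'   # hypothetical path; adjust per host
)

# Last affected release named on this page. Only major.minor.build are compared,
# so a fourth version field on the DLL does not change the result.
$LastAffected = [version]'2019.3.1023'

function Get-TelerikStatus {
    param([System.Diagnostics.FileVersionInfo]$VersionInfo)

    # No version resource at all: do not guess, send it for manual review.
    if ([string]::IsNullOrWhiteSpace($VersionInfo.FileVersion)) {
        return 'Unknown'
    }

    # Use the numeric parts instead of parsing the display string, which some
    # builds format with commas or trailing text.
    $release = [version]("{0}.{1}.{2}" -f $VersionInfo.FileMajorPart,
                                          $VersionInfo.FileMinorPart,
                                          $VersionInfo.FileBuildPart)

    if ($release -le $LastAffected) { 'Affected' } else { 'NotInStatedRange' }
}

Get-ChildItem -Path $WebRoot -Recurse -Filter 'Telerik.Web.UI.dll' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Status      = Get-TelerikStatus -VersionInfo $_.VersionInfo
            FileVersion = $_.VersionInfo.FileVersion
            Path        = $_.FullName
        }
    } |
    Sort-Object Status, Path |
    Format-Table -AutoSize
```

Copies deployed outside the scanned root are not covered, so run it against every directory that hosts application binaries.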