all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Multiple Progress Telerik UI Vulnerabilities Exploited in the Wild

Add to bookmarks
March 16, 2023, 8:55 a.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

FortiGuard Labs recently observed that multiple vulnerabilities (CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357) in Progress Telerik UI (User Interface) are being exploited in chain to achieve arbitrary code execution on a remote machine. On March 15th, CISA released an advisory that multiple threat actors exploited unpatched IIS servers in a U.S. federal agency.Why is this Significant?This is significant because three Progress Telerik UI vulnerabilities are being exploited in chain for arbitrary code execution. On March 15th, 2023, CISA released an advisory that …

advisory agency cisa code code execution cve exploited federal federal agency iis interface labs machine march progress progress telerik servers telerik threat threat actors unpatched user interface vulnerabilities

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Check Point Quantum Security Gateways Information Disclosure Vulnerability (CVE-2024-24919) 1 day, 12 hours ago | fortiguard.fortinet.com
NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679) 5 days, 11 hours ago | fortiguard.fortinet.com
code code execution command command injection +29
Genesis Market Malware Attack 1 week, 3 days ago | fortiguard.fortinet.com
attack campaign counterfeit dismantled +26
Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671) 2 weeks, 5 days ago | fortiguard.fortinet.com
browser can chrome chromium +15
GitLab Password Reset Vulnerability (CVE-2023-7028) 3 weeks, 1 day ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 3 weeks, 3 days ago | fortiguard.fortinet.com
actor arbitrary code can code +21
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 3 weeks, 5 days ago | fortiguard.fortinet.com
access advisory application attackers +29
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 1 month ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 1 month ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com