Hackers Exploit Critical Telerik Vulnerability in US Government IIS Web Server

US Government Web Servers at Risk from Critical Telerik Vulnerability

The US government and cybersecurity experts have issued a warning about a critical vulnerability in Telerik UI, which has been exploited by hackers to gain unauthorized access to US government web servers. Find out how to protect your own systems from this growing threat.

As cybersecurity threats continue to grow, one of the most pressing issues that organizations are facing today is the exploitation of the Telerik UI vulnerability. Telerik UI is a widely-used web development framework that is included in many third-party software packages. Hackers have been exploiting a critical vulnerability in Telerik UI to gain unauthorized access to sensitive data and networks, including those belonging to the US government.

To fully understand the risk posed by this vulnerability and how to protect your systems against it, it’s important to know exactly what it is and how it works.

What Is the Telerik UI Vulnerability?

The Telerik UI vulnerability is a server-side request forgery (SSRF) vulnerability that allows attackers to send unauthorized requests from a vulnerable server to any destination on the internet. By exploiting this vulnerability, attackers can gain unauthorized access to sensitive data and potentially compromise entire networks.

This vulnerability affects a wide range of software packages that include the Telerik UI framework. Because many organizations may not even be aware that they are using Telerik UI, it’s important to take proactive measures to protect against this vulnerability.

Vulnerability Scanner Failed to Detect the Flaw

The advisory notes that the vulnerability allowed the attackers to execute code on the agency’s web server:

“CISA and authoring organizations assess that, beginning as late as November 2022, threat actors successfully exploited a .NET deserialization vulnerability (CVE-2019-18935) in an instance of Telerik UI for ASP.NET AJAX Q2 2013 SP1 (version 2013.2.717) running on an FCEB agency’s Microsoft IIS server. This exploit, which results in interactive access with the web server, enabled the threat actors to successfully execute remote code on the vulnerable web server. Though the agency’s vulnerability scanner had the appropriate plugin for CVE-2019-18935, it failed to detect the vulnerability due to the Telerik UI software being installed in a file path it does not typically scan. This may be the case for many software installations, as file paths widely vary depending on the organization and installation method.”

The advisory notes that a nation-state actor and a cybercriminal group both exploited the vulnerability. 

How Can You Protect Your Systems?

To protect your systems against the Telerik UI vulnerability, there are several steps you can take:

  1. Stay Up to Date: Keep your software packages up to date with the latest security patches to ensure that you are protected against known vulnerabilities.

  2. Monitor Network Traffic: Regularly monitor network traffic for any signs of suspicious activity, such as an unusually high number of requests to certain endpoints.

  3. Use a Web Application Firewall (WAF): A WAF can help protect against SSRF attacks by blocking requests that are not authorized.

  4. Restrict Outgoing Traffic: Restricting outgoing traffic can help limit the scope of any potential attacks.

  5. Conduct Regular Vulnerability Assessments: Regularly conduct vulnerability assessments to identify any vulnerabilities that may be present in your systems.
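The advisory quoted above attributes the missed detection to Telerik UI being installed in a path the scanner did not cover, so an assessment should search every drive and every IIS site root rather than only the default web root. The following PowerShell script is an added example, not code from the article or from CISA; it reports each copy of Telerik.Web.UI.dll with its file version (the affected build in the advisory was 2013.2.717), and `$MinimumSafeVersion` is a placeholder to be filled from the vendor's fix notes, since the article does not state a fixed version.

```powershell
# Added example: locate every Telerik.Web.UI.dll on an IIS host, regardless of
# install path, and flag builds older than a version supplied by the operator.
param(
    [string[]] $Roots = @('C:\'),   # whole drive(s), not just C:\inetpub
    # PLACEHOLDER: set from the vendor's fix notes for CVE-2019-18935
    [version]  $MinimumSafeVersion = [version]'0.0.0.0'
)

# Also collect the physical paths IIS actually serves, in case a site lives
# outside the roots above (needs the WebAdministration module on the host).
$iisPaths = @()
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $iisPaths = Get-Website | ForEach-Object {
        [Environment]::ExpandEnvironmentVariables($_.physicalPath)
    }
}

$searchRoots = ($Roots + $iisPaths) | Sort-Object -Unique

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Recurse -File -Filter 'Telerik.Web.UI.dll' `
        -ErrorAction SilentlyContinue | ForEach-Object {
        $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
        # Telerik builds are versioned like 2013.2.717; parse what is present.
        $ver = [version]::new(0, 0)
        [void][version]::TryParse($info.FileVersion, [ref]$ver)
        [pscustomobject]@{
            Path       = $_.FullName
            Version    = $ver
            Vulnerable = ($ver -lt $MinimumSafeVersion)
        }
    }
}

# One row per DLL; any row marked Vulnerable needs patching or removal.
$findings | Sort-Object Path -Unique | Format-Table -AutoSize
```

Run it from an elevated prompt on the web server; a DLL found under an unexpected directory is exactly the case the quoted advisory describes the scanner missing.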

Conclusion

The Telerik UI vulnerability is a critical cybersecurity threat that organizations must take seriously. By staying up to date with the latest security patches, monitoring network traffic, using a WAF, restricting outgoing traffic, and conducting regular vulnerability assessments, you can help protect your systems against this growing threat.

Don’t wait until it’s too late to take action. Be proactive in your approach to cybersecurity and take the necessary steps to protect your organization from the Telerik UI vulnerability.
