Hackers Exploit Critical Telerik Vulnerability in US Government IIS Web Server

US Government Web Servers at Risk from Critical Telerik Vulnerability

The US government and cybersecurity experts have issued a warning about a critical vulnerability in Telerik UI, which has been exploited by hackers to gain unauthorized access to US government web servers. Find out how to protect your own systems from this growing threat.

As cybersecurity threats continue to grow, one of the most pressing issues that organizations are facing today is the exploitation of the Telerik UI vulnerability. Telerik UI is a widely-used web development framework that is included in many third-party software packages. Hackers have been exploiting a critical vulnerability in Telerik UI to gain unauthorized access to sensitive data and networks, including those belonging to the US government.

To fully understand the risk posed by this vulnerability and how to protect your systems against it, it’s important to know exactly what it is and how it works.

What is Telerik UI Vulnerability?

Telerik UI vulnerability is a server-side request forgery (SSRF) vulnerability that allows attackers to send unauthorized requests from a vulnerable server to any destination on the internet. By exploiting this vulnerability, attackers can gain unauthorized access to sensitive data and potentially compromise entire networks.

This vulnerability affects a wide range of software packages that include the Telerik UI framework. Because many organizations may not even be aware that they are using Telerik UI, it’s important to take proactive measures to protect against this vulnerability.

Vulnerability scanner failed to detect flaw.

The advisory notes that the vulnerability allowed the attackers to execute code on the agency’s web server:

“CISA and authoring organizations assess that, beginning as late as November 2022, threat actors successfully exploited a .NET deserialization vulnerability (CVE-2019-18935) in an instance of Telerik UI for ASP.NET AJAX Q2 2013 SP1 (version 2013.2.717) running on an FCEB agency’s Microsoft IIS server. This exploit, which results in interactive access with the web server, enabled the threat actors to successfully execute remote code on the vulnerable web server. Though the agency’s vulnerability scanner had the appropriate plugin for CVE-2019-18935, it failed to detect the vulnerability due to the Telerik UI software being installed in a file path it does not typically scan. This may be the case for many software installations, as file paths widely vary depending on the organization and installation method.”

The advisory notes that a nation-state actor and a cybercriminal group both exploited the vulnerability. 

How Can You Protect Your Systems?

To protect your systems against Telerik UI vulnerability, there are several steps you can take:

  1. Stay Up to Date: Keep your software packages up to date with the latest security patches to ensure that you are protected against known vulnerabilities.

  2. Monitor Network Traffic: Regularly monitor network traffic for any signs of suspicious activity, such as an unusually high number of requests to certain endpoints.

  3. Use a Web Application Firewall (WAF): A WAF can help protect against SSRF attacks by blocking requests that are not authorized.

  4. Restrict Outgoing Traffic: Restricting outgoing traffic can help limit the scope of any potential attacks.

  5. Conduct Regular Vulnerability Assessments: Regularly conduct vulnerability assessments to identify any vulnerabilities that may be present in your systems.


Telerik UI vulnerability is a critical cybersecurity threat that organizations must take seriously. By staying up to date with the latest security patches, monitoring network traffic, using a WAF, restricting outgoing traffic, and conducting regular vulnerability assessments, you can help protect your systems against this growing threat.

Don’t wait until it’s too late to take action. Be proactive in your approach to cybersecurity and take the necessary steps to protect your organization from the Telerik UI vulnerability.

More To Explore

We can help improve your Business

Ensure your Organization Assets are well  protected in front of the Cyber Attacks

Delivery Workflow

Register for Free and get your test done withn 24 to 48 hours

See Workflow

Sample Report

Here is a sample report of a Security Testing Engagement

See Sample Report PDF

Work Request

Order your security test and Get Your Report

Get Your Test Report
Generated by Feedzy

1. Client Onboarding

Access to all of Cyber Legion's services is provided through the Web Secure Client Portal. To create a Free account, you can sign up through the portal, or contact the Cyber Legion team and they will set up an account for you.

2. NDA , Agreements & Digital Signature

The integration of Digital Signature in our Web Client Portal allows us to legally sign all necessary documents and agreements, enabling us to carry out security assessments on targeted systems.

3. Submit Work Request

Our pricing structure is adaptable to meet the needs of all clients. By filling out the Work Request Form, you can select from pre-existing services or request a personalized proposal.

The Cyber Legion team will acknowledge your order, set up a project in your account, and proceed with the testing and delivery.

4. Security Testing & Report

We meet agreed upon SLAs and follow security testing framework checklists. Based on our commitment, our team of engineers will utilize all of our tools, automation, and testing capabilities to achieve the objectives.

Within the agreed upon timeframe, you will receive a report on the security test that was conducted, including the results, recommendations, and references for addressing any identified issues.

5. Retesting & Validation of Remediation

We not only identify potential threats, risks, and vulnerabilities, but also provide detailed recommendations for resolution. To ensure complete remediation, we offer complimentary retesting and a range of ongoing security testing options for continued vulnerability detection and verification.