The FortiGuard Incident Response team is ready to assist with the discovery, containment and remediation of incidents related to exploitation of Telerik UI vulnerabilities. Vulnerabilities in the Telerik UI initially disclosed and patched in 2017 and 2019 (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) continue to be exploited by threat actors.
These old vulnerabilities have garnered additional attention recently as CISA released an advisory on their use as part of the recent exploitation of US government networks[1].
Analysis of the associated artifacts indicates that exploitation of these vulnerabilities results in the deployment of reverse shell executables followed by web shells, an intrusion chain similar to that observed for most recently exploited web service vulnerabilities.
The FortiGuard team has extensive experience in responding to intrusions of this nature.
When dealing with such intrusions, a quick response that effectively contains an intrusion before it can spread and before the adversary can establish a further foothold is key to minimizing business impact and reducing the complexity of remediation efforts.
Scope
FortiGuard.
Solution
To engage the IR team directly please use the ‘Experienced a breach?’ link available here:
This webpage also has additional information on IR services and helps to prepare for cyber incidents.
If there is any question of whether this type of threat is present, or to proactively prepare security teams to better handle threats associated with the exploitation of Telerik UI vulnerabilities, engage the Incident Response Readiness service.
The FortiGuard IR Readiness service can assess the security posture and provide support to patch holes in the defenses, build playbooks to combat emerging threats, and war-game the existing processes as part of tabletop exercises.
Related document:
[1] https://www.cisa.gov/news-events/analysis-reports/ar23-074a
Copyright 2023 Fortinet, Inc. All Rights Reserved.