The FortiGuard Incident Response team are ready to assist with the discovery, containment and remediation of incidents related to exploitation of Telerik UI vulnerabilities. Vulnerabilities in the Telerik UI initially disclosed and patched in 2017 and 2019 (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) continue to be exploited by threat actors.
These old vulnerabilities have garnered additional attention recently as CISA released an advisory on their use as part of the recent exploitation of US government networks.
Analysis of the associated artifacts indicates that exploitation of these vulnerabilities results in the deployment of reverse shell executables and then web shells, an intrusion chain similar to most recent web service vulnerabilities.
The FortiGuard team has extensive experience in responding to intrusions of this nature.
When dealing with such intrusions, a quick response that effectively contains an intrusion before it can spread and before the adversary can establish a further foothold is key to minimizing business impact and reducing the complexity of remediation efforts.
To engage the IR team directly please use the ‘Experienced a breach?’ link available here:
This webpage also has additional information on IR services and helps to prepare for cyber incidents.
If there is a question of whether this type of threat and to proactively prepare the security teams to better handle threats associated with the exploitation of Telerik UI vulnerabilities, engage the Incident Response Readiness service.
The FortiGuard IR Readiness service can assess the security posture and provide support to patch holes in the defenses, build playbooks to combat emerging threats, and war game the existing processes as part of tabletop activities.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.