US Federal Agency Hacked

Multiple cybercriminal gangs, including a nation state-backed hacking group, have exploited a four-year-old software vulnerability to compromise a US federal government agency.


An alert from the Cybersecurity and Infrastructure Security Agency (CISA) released on March 15th reveals that multiple hacking groups have successfully exploited known vulnerabilities in Telerik, a user interface tool for web servers.


This software, designed for building components and themes for web applications, was running on the US agency’s Internet-facing web server. According to the CISA advisory, the vulnerability appears to have gone undetected for almost four years.


Two hacking groups exploited a code-execution vulnerability tracked as CVE-2019-18935 in a developer tool known as the Telerik user interface (UI) for ASP.NET AJAX, which was running on the agency’s Microsoft Internet Information Services (IIS) web server. The Telerik UI for ASP.NET AJAX is sold by a US software company, Progress. The tool bundles more than 100 UI components that developers can use to reduce the time it takes to create custom web applications.


In late 2019, Progress released version 2020.1.114, which patched CVE-2019-18935, an insecure de-serialisation vulnerability that made it possible to remotely execute code on vulnerable servers. The vulnerability carried a severity rating of 9.8 out of a possible 10.


In 2020, the US National Security Agency (NSA) warned that the vulnerability was being used by Chinese state-sponsored actors.


According to CISA, “This exploit, which results in interactive access with the web server, enabled the threat actors to successfully execute remote code on the vulnerable web server... Though the agency’s vulnerability scanner had the appropriate ..
