Vulnerabilities in unpatched versions of Telerik UI for ASP.NET AJAX are being actively exploited, the Australian Cyber Security Centre (ACSC) has warned.
In a threat advisory, the ACSC said that advanced persistent threat (APT) actors “have been scanning for and attempting exploitation against unpatched versions of Telerik UI for ASP.NET AJAX using publicly available exploits”.
The vulnerabilities being exploited were first detailed in 2017 and affect Telerik UI for ASP.NET AJAX releases from 2007 to 2017. Telerik warned that the trio of vulnerabilities can allow arbitrary file upload and/or remote code execution, or enable the disclosure of encryption keys.
Although a patch is available, it may need to be manually applied, the ACSC warned.
“The tools to exploit this vulnerability have been publicly published and require only basic knowledge or skills to use successfully,” the centre’s advisory said. “Any servers currently running a vulnerable version should be considered at risk and remediation steps should be taken.”
The ACSC said that organisations concerned that they may have been compromised should check for suspicious HTTP GET or POST requests to Telerik.Web.UI.WebResource.axd?type=rau or Telerik.Web.UI.DialogHandler.aspx.
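As an added example (not part of the ACSC advisory or of Telerik's own tooling), the script below runs the check described above over IIS logs: it parses the W3C extended format from its #Fields header and flags any request whose path is Telerik.Web.UI.DialogHandler.aspx, or Telerik.Web.UI.WebResource.axd with type=rau in the query string, then tallies hits per client address. The field layout and the log lines are constructed for the example; the function names are ours.

```python
"""Flag requests to the Telerik handlers named in the ACSC advisory in IIS
W3C-format logs. Added example; not code from the advisory or from Telerik."""
from collections import Counter
from typing import Dict, Iterable, List
from urllib.parse import parse_qs

# Constructed sample of IIS W3C extended log lines (not real traffic).
# 198.51.100.23 probes both handlers with a scripted client; 192.0.2.44
# gets a 404 on the upload handler; 203.0.113.7 is ordinary browsing.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2019-05-20 08:01:12 10.0.0.5 GET /Default.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
2019-05-20 08:01:13 10.0.0.5 GET /Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.23 python-requests/2.21.0 200
2019-05-20 08:01:14 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.23 python-requests/2.21.0 200
2019-05-20 08:01:20 10.0.0.5 GET /Telerik.Web.UI.DialogHandler.aspx dp=AAAA 443 - 198.51.100.23 python-requests/2.21.0 200
2019-05-20 08:02:01 10.0.0.5 GET /telerik.web.ui.webresource.axd type=rau 443 - 192.0.2.44 Mozilla/5.0 404
2019-05-20 08:02:05 10.0.0.5 GET /scripts/app.js - 443 - 203.0.113.7 Mozilla/5.0 200
"""

WEBRESOURCE = "telerik.web.ui.webresource.axd"      # RadAsyncUpload handler
DIALOGHANDLER = "telerik.web.ui.dialoghandler.aspx"  # dialog handler


def parse_iis_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Turn W3C extended log lines into dicts keyed by the #Fields names."""
    fields: List[str] = []
    entries: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):          # #Software, #Version, #Date ...
            continue
        values = line.split()             # IIS encodes spaces in values as '+'
        if not fields or len(values) != len(fields):
            continue                      # no header yet or malformed: skip, don't guess
        entries.append(dict(zip(fields, values)))
    return entries


def is_telerik_indicator(entry: Dict[str, str]) -> bool:
    """True if the request matches either path the advisory tells you to look for."""
    stem = entry.get("cs-uri-stem", "").lower()
    query = entry.get("cs-uri-query", "").lower()
    if stem.endswith(DIALOGHANDLER):
        return True
    if stem.endswith(WEBRESOURCE):
        # '-' (no query) parses to {} because it carries no '=' pair.
        params = parse_qs(query, keep_blank_values=False)
        return "rau" in params.get("type", [])
    return False


def find_telerik_hits(log_text: str) -> List[Dict[str, str]]:
    """Return every log entry that hits one of the two Telerik handlers."""
    return [e for e in parse_iis_w3c(log_text.splitlines()) if is_telerik_indicator(e)]


def summarize_by_client(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count hits per client IP so a single scanner stands out from app traffic."""
    return dict(Counter(h.get("c-ip", "?") for h in hits))


if __name__ == "__main__":
    hits = find_telerik_hits(SAMPLE_LOG)
    for h in hits:
        print(h["date"], h["time"], h["c-ip"], h["cs-method"],
              h["cs-uri-stem"], h["cs-uri-query"], h["sc-status"])
    print("hits per client:", summarize_by_client(hits))
```

A match is a lead, not proof of compromise: both paths are the normal handlers for the Telerik controls, so an application that uses RadAsyncUpload will log legitimate type=rau traffic. Triage by source address, volume, user agent and response code, and treat POSTs to the upload handler that returned 200 from an address that does not otherwise use the application as the first thing to pull for forensic review.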
In April the ACSC said that it was concerned about the large number of unprotected network and storage services hosted on Australian IP address blocks.
The centre said it was encouraging organisations to sign up to the Australian Internet Security Initiative (AISI), which was formerly run by the Australian Communications and Media Authority but is now coordinated by CERT Australia.
The public-private partnership works to identify malware infections and vulnerabilities on systems with Australian IP addresses.
Last week the ACSC warned that phone scammers were seeking to impersonate its staff. The centre said that scammers have been telling their prospective victims that they need help to “act against cyber criminals.”
The scammers seek to convince victims to transfer money using Internet banking as part of an effort to trace a hacker.