CVE-2019-18935

Vulnerability updated 4 months ago (2024-05-04T19:38:42.465Z)
CVE-2019-18935 is a .NET deserialization vulnerability in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in Microsoft's Internet Information Services (IIS) web server. This flaw in software design or implementation was exploited by multiple cyber threat actors, including an Advanced Persistent Threat (APT) actor. The vulnerability allowed these malicious entities to compromise the system, leading to potential data breaches and unauthorized access.

The US Cybersecurity and Infrastructure Security Agency (CISA) disclosed this information as part of their cybersecurity advisory efforts. CISA plays a critical role in strengthening the nation’s cybersecurity capabilities and coordinating cybersecurity communications across different sectors. The disclosure regarding CVE-2019-18935 was intended to alert organizations about the potential risks and encourage them to take necessary precautions to secure their systems.

The Federal Civilian Executive Branch (FCEB) was compromised from November 2022 to January 2023 due to this vulnerability. Threat actors were able to exploit the .NET deserialization Telerik vulnerability, causing significant security concerns. The incident underscores the importance of regular patching and updating of software to prevent exploitation of known vulnerabilities, and highlights the need for robust cybersecurity measures to protect against sophisticated attacks.
Description last updated: 2024-05-04T16:12:38.524Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telerik
Vulnerability
Exploit
CISA
IIS
Associated Threat Actors
ID | Type | Votes | Profile Description
Earth Lusca | Unspecified | 2 | Earth Lusca, a threat actor identified as being Chinese-speaking, has been active since at least the first half of 2023. The group primarily targets organizations in Southeast Asia, Central Asia, and the Balkans. Recently, it has expanded its arsenal with SprySOCKS Linux malware, a new addition that
Source Document References
Information about the CVE-2019-18935 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 7 months ago | Sensor Intel Series: Top CVEs in December 2023
CERT-EU | 9 months ago | Sensor Intel Series: Top CVEs in October 2023
CERT-EU | a year ago | NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA
CISA | a year ago | NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA
CERT-EU | a year ago | Sensor Intel Series: Top CVEs in August 2023 | F5 Labs
CERT-EU | a year ago | Chinese Silent Skimmer Attack Hits APAC and NALA Online Payment Firms
CERT-EU | a year ago | Hackers Deployed never-before-seen Linux Malware Attacking Government Entities
DARKReading | a year ago | China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
CERT-EU | a year ago | Analyzing Four Diverse Attack Techniques Used by XeGroup
Securityaffairs | a year ago | Earth Lusca expands its arsenal with SprySOCKS Linux malware
DARKReading | a year ago | Payment Card-Skimming Campaign Now Targeting Websites in North America
Trend Micro | a year ago | Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
CERT-EU | a year ago | Analyzing Threat Techniques Used By XeGroup
CERT-EU | a year ago | Guess what happened to this US agency that didn't patch?
CERT-EU | a year ago | Guess what happened to this US agency that didn't patch?
CISA | a year ago | CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities | CISA
CERT-EU | a year ago | XE Group hacking operation uncovered
MITRE | 2 years ago | Ransomware 2020: Attack Trends Affecting Organizations Worldwide
MITRE | 2 years ago | Blue Mockingbird activity mines Monero cryptocurrency
DARKReading | 2 years ago | Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems