CVE-2019-18935

Vulnerability Profile Updated a month ago
CVE-2019-18935 is a .NET deserialization vulnerability in Progress Telerik UI for ASP.NET AJAX, a component hosted on Microsoft's Internet Information Services (IIS) web server. The flaw was exploited by multiple cyber threat actors, including an Advanced Persistent Threat (APT) actor, to compromise affected systems, leading to potential data breaches and unauthorized access. The US Cybersecurity and Infrastructure Security Agency (CISA) disclosed this activity as part of its cybersecurity advisory efforts; CISA plays a central role in strengthening the nation's cybersecurity capabilities and coordinating cybersecurity communications across sectors. The disclosure of CVE-2019-18935 was intended to alert organizations to the risk and to encourage them to take the necessary precautions to secure their systems. The Federal Civilian Executive Branch (FCEB) was compromised from November 2022 to January 2023 through this vulnerability, when threat actors exploited the .NET deserialization flaw in Telerik UI. The incident underscores the importance of regularly patching and updating software to prevent exploitation of known vulnerabilities, and highlights the need for robust cybersecurity measures against sophisticated attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telerik, Exploit, CISA, Vulnerability, IIS, Exploitation, .NET, APT
Associated Malware
ID | Type | Votes | Profile Description
ASPXSpy | Unspecified | 1
ASPXSpy is a type of malware, specifically a web shell, that has been used by various threat actors to exploit and damage computer systems. The earliest deployment attempts date back to 2022 when this malicious software was deployed to multiple hosted websites. It's typically installed on vulnerable
Associated Threat Actors
ID | Type | Votes | Profile Description
Earth Lusca | Unspecified | 2
Earth Lusca is a significant threat actor that has recently expanded its malicious arsenal with the SprySOCKS Linux malware, posing an increased risk to global cybersecurity. This group is known for executing actions with harmful intent, and could be composed of individuals, private companies, or go
Blue Mockingbird | Unspecified | 1
Blue Mockingbird is a threat actor group that emerged in December 2019, known for its sophisticated cyber attacks primarily aimed at mining Monero cryptocurrency. The group achieves initial access by exploiting public-facing web applications, specifically those using Telerik UI for ASP.NET AJAX. Thi
Associated Vulnerabilities
ID | Type | Votes | Profile Description
ProxyShell CVE-2021-34473 | Unspecified | 1
ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitra
Earth Lusca | Unspecified | 1
None
CVE-2022-39952 | Unspecified | 1
CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fo
CVE-2022-40684 | Unspecified | 1
CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorize
Source Document References
Information about the CVE-2019-18935 vulnerability was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE, a year ago: Blue Mockingbird activity mines Monero cryptocurrency
CERT-EU, 8 months ago: NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA
CERT-EU, a year ago: XE Group hacking operation uncovered
DARKReading, 9 months ago: China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
CERT-EU, a year ago: Guess what happened to this US agency that didn't patch?
CERT-EU, 4 months ago: Sensor Intel Series: Top CVEs in December 2023
CISA, 8 months ago: NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA
CERT-EU, a year ago: Sensor Intel Series: Top CVEs in February 2023 | F5 Labs
CISA, a year ago: CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities | CISA
CERT-EU, 9 months ago: Chinese Silent Skimmer Attack Hits APAC and NALA Online Payment Firms
CERT-EU, 9 months ago: Analyzing Four Diverse Attack Techniques Used by XeGroup
CERT-EU, a year ago: Sensor Intel Series: Top CVEs in April 2023 | F5 Labs
Securityaffairs, a year ago: Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency
Trend Micro, 9 months ago: Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Securityaffairs, 9 months ago: Earth Lusca expands its arsenal with SprySOCKS Linux malware
CERT-EU, a year ago: GovCERT.HK - Security Alerts
DARKReading, 9 months ago: Payment Card-Skimming Campaign Now Targeting Websites in North America
DARKReading, a year ago: Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns
CERT-EU, 7 months ago: Sensor Intel Series: Top CVEs in October 2023
DARKReading, a year ago: Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems