CVE-2019-18935

Vulnerability Profile Updated 3 months ago
CVE-2019-18935 is a .NET deserialization vulnerability in Progress Telerik UI for ASP.NET AJAX, a component hosted on Microsoft's Internet Information Services (IIS) web server. Multiple cyber threat actors, including an Advanced Persistent Threat (APT) actor, exploited this flaw to compromise affected systems, leading to potential data breaches and unauthorized access.

The US Cybersecurity and Infrastructure Security Agency (CISA) disclosed this information as part of its cybersecurity advisory efforts. CISA plays a critical role in strengthening the nation’s cybersecurity capabilities and coordinating cybersecurity communications across different sectors. The disclosure regarding CVE-2019-18935 was intended to alert organizations to the potential risks and encourage them to take the necessary precautions to secure their systems.

The Federal Civilian Executive Branch (FCEB) was compromised from November 2022 to January 2023 due to this vulnerability. Threat actors were able to exploit the .NET deserialization Telerik vulnerability, causing significant security concerns. The incident underscores the importance of regularly patching and updating software to prevent exploitation of known vulnerabilities, and highlights the need for robust cybersecurity measures to protect against sophisticated attacks.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telerik
Vulnerability
CISA
Exploit
IIS
exploitation
.NET
APT
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| ASPXSpy | Unspecified | 1 | ASPXSpy is a type of malware, specifically a web shell, that has been used by various threat actors to exploit and damage computer systems. The earliest deployment attempts date back to 2022 when this malicious software was deployed to multiple hosted websites. It's typically installed on vulnerable |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Earth Lusca | Unspecified | 2 | Earth Lusca, a threat actor known for its malicious activities in the cyber world, has recently expanded its arsenal with the addition of a new tool, SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020. Earth Lusca can be an individual, a private company, or pa |
| Blue Mockingbird | Unspecified | 1 | Blue Mockingbird is a threat actor group that emerged in December 2019, known for its sophisticated cyber attacks primarily aimed at mining Monero cryptocurrency. The group achieves initial access by exploiting public-facing web applications, specifically those using Telerik UI for ASP.NET AJAX. Thi |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| ProxyShell CVE-2021-34473 | Unspecified | 1 | ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitra |
| CVE-2022-39952 | Unspecified | 1 | CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fo |
| CVE-2022-40684 | Unspecified | 1 | CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorize |
| Earth Lusca Earth Lusca | Unspecified | 1 | None |
Source Document References
Information about the CVE-2019-18935 vulnerability was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 5 months ago | Sensor Intel Series: Top CVEs in December 2023 |
| CERT-EU | 8 months ago | Sensor Intel Series: Top CVEs in October 2023 |
| CERT-EU | 10 months ago | NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations \| CISA |
| CISA | 10 months ago | NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations \| CISA |
| CERT-EU | 10 months ago | Sensor Intel Series: Top CVEs in August 2023 \| F5 Labs |
| CERT-EU | 10 months ago | Chinese Silent Skimmer Attack Hits APAC and NALA Online Payment Firms |
| CERT-EU | 10 months ago | Hackers Deployed never-before-seen Linux Malware Attacking Government Entities |
| DARKReading | 10 months ago | China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign |
| CERT-EU | 10 months ago | Analyzing Four Diverse Attack Techniques Used by XeGroup |
| Securityaffairs | 10 months ago | Earth Lusca expands its arsenal with SprySOCKS Linux malware |
| DARKReading | 10 months ago | Payment Card-Skimming Campaign Now Targeting Websites in North America |
| Trend Micro | 10 months ago | Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement |
| CERT-EU | a year ago | Analyzing Threat Techniques Used By XeGroup |
| CERT-EU | a year ago | Guess what happened to this US agency that didn't patch? |
| CERT-EU | a year ago | Guess what happened to this US agency that didn't patch? |
| CISA | a year ago | CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities \| CISA |
| CERT-EU | a year ago | XE Group hacking operation uncovered |
| MITRE | a year ago | Ransomware 2020: Attack Trends Affecting Organizations Worldwide |
| MITRE | a year ago | Blue Mockingbird activity mines Monero cryptocurrency |
| DARKReading | a year ago | Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems |