CVE-2019-18935

Vulnerability updated 7 months ago (2024-05-04T19:38:42.465Z)
Download STIX
Preview STIX
CVE-2019-18935 is a .NET deserialization vulnerability in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in Microsoft's Internet Information Services (IIS) web server. This flaw in software design or implementation was exploited by multiple cyber threat actors, including an Advanced Persistent Threat (APT) actor. The vulnerability allowed these malicious entities to compromise the system, leading to potential data breaches and unauthorized access. The US Cybersecurity and Infrastructure Security Agency (CISA) disclosed this information as part of their cybersecurity advisory efforts. CISA plays a critical role in strengthening the nation’s cybersecurity capabilities and coordinating cybersecurity communications across different sectors. The disclosure regarding CVE-2019-18935 was intended to alert organizations about the potential risks and encourage them to take necessary precautions to secure their systems. The Federal Civilian Executive Branch (FCEB) was compromised from November 2022 to January 2023 due to this vulnerability. Threat actors were able to exploit the .NET deserialization Telerik vulnerability, causing significant security concerns. The incident underscores the importance of regular patching and updating of software to prevent exploitation of known vulnerabilities, and highlights the need for robust cybersecurity measures to protect against sophisticated attacks.
Description last updated: 2024-05-04T16:12:38.524Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telerik
Vulnerability
Exploit
CISA
Iis
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Earth Lusca Threat Actor is associated with CVE-2019-18935. Earth Lusca, a threat actor believed to be part of the China-backed Winnti collective, has been active since at least 2019 and is known for its cyber-espionage activities. The group primarily targets government organizations in Asia, Latin America, and other regions. Recently, it has expanded its arUnspecified
2
Source Document References
Information about the CVE-2019-18935 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CISA
6 days ago
Unit42
15 days ago
CERT-EU
9 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CISA
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
DARKReading
a year ago
Trend Micro
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CISA
a year ago
CERT-EU
a year ago
MITRE
2 years ago