CVE-2024-10095
📋 TL;DR
CVE-2024-10095 is an insecure deserialization vulnerability in Progress Telerik UI for WPF that allows code execution. An attacker who can get an affected application to deserialize crafted data (for example through a document, file or message the application loads) can run code with the privileges of that application and from there potentially take control of the host. Because Telerik UI for WPF is a library, every application built against a vulnerable version, and every machine that application is deployed to, is affected; the fix is a library update that has to be rebuilt into each application rather than a server-side patch.
💻 Affected Systems
- Progress Telerik UI for WPF
📦 What is this software?
Telerik UI for WPF (Progress Software): a commercial suite of .NET UI controls for Windows Presentation Foundation desktop applications. The controls ship as assemblies bundled inside each application that uses them, so the vulnerable code lives in every such application rather than in one central service.
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of the host running the application: the attacker inherits the application user's privileges, escalates to administrator, exfiltrates data, deploys ransomware and installs a persistent backdoor.
Likely Case
Code execution in the context of the application's user, leading to compromise of that application, theft of the data it can reach, and lateral movement from the affected workstation into the rest of the network.
If Mitigated
Limited impact where the application already refuses to deserialize data from untrusted sources and restricts the types the deserializer may instantiate; a crafted payload is then rejected or, at worst, crashes the application (denial of service).
🎯 Exploit Status
Insecure deserialization flaws in .NET are usually reliably exploitable once the vulnerable entry point and a usable gadget chain are known, but no public exploit or proof of concept for this specific CVE was known at the time of writing. Treat absence of a public exploit as a timing advantage, not as a reason to defer the update.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024 Q4 (2024.4.1213) or later
Vendor Advisory: https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-vulnerability-cve-2024-10095
Restart Required: Yes (each affected application must be rebuilt, redeployed and restarted; updating the library on a build server alone fixes nothing in the field)
Instructions:
1. Download Telerik UI for WPF version 2024.4.1213 or later from the Telerik website (or update the Telerik NuGet package references to that version).
2. Update every application that references the affected assemblies to the patched version.
3. Rebuild and redeploy those applications to all machines where they are installed.
4. Restart the application (or the services that host it) so the old assemblies are no longer loaded.
🔧 Temporary Workarounds
Input Validation and Sanitization
Treat every source of serialized data the application deserializes (files, clipboard content, messages from other systems) as untrusted. Where possible, stop accepting serialized data from sources you do not control; validation of the raw bytes is a weak defence on its own, because a well-formed stream can still carry a malicious object graph.
Deserialization Controls
Restrict the types the deserializer is allowed to instantiate to an explicit allow-list (in .NET, for example, through a custom SerializationBinder or an equivalent type-filtering mechanism for the serializer in use) and fail closed on anything else. This limits the gadget classes an attacker can reach even if crafted data does get through.
🧯 If You Can't Patch
- Segment the network so workstations and servers running vulnerable applications cannot reach critical assets they have no business reason to contact
- Run the application under a least-privileged account and apply application control (for example AppLocker or WDAC) on those hosts, so a payload that does execute cannot easily spawn tooling or persist
- If, and only if, the application receives serialized data over HTTP, put it behind a web application firewall (WAF) with deserialization attack detection rules; for a desktop application that loads local files this gives no protection
🔍 How to Verify
Check if Vulnerable:
Check the version of the Telerik UI for WPF assemblies actually shipped with each application (Telerik.Windows.Controls.dll and its sibling Telerik.Windows.*.dll files). Versions below 2024.4.1213 are vulnerable. Check the deployed binaries, not only the project files on the build server, because the two can differ.
Check Version:
Check the assembly version in your .NET application's references, or read the file version of every Telerik assembly under the deployment folder with PowerShell: Get-ChildItem -Path . -Filter 'Telerik.Windows.*.dll' -Recurse | Select-Object FullName, @{n='FileVersion';e={$_.VersionInfo.FileVersion}}
Verify Fix Applied:
Verify that the Telerik UI for WPF assemblies in every deployed copy of the application report version 2024.4.1213 or higher, and that the running process has loaded those files rather than an older copy left in another directory.
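The following PowerShell script is an added example, not part of the vendor advisory: it inventories Telerik UI for WPF assemblies and NuGet package references under a folder and compares each against the fixed release this page states. It assumes that Telerik assembly file versions begin with the release number (for example 2024.4.1213.45) and that the relevant NuGet package ids start with Telerik.Windows (such as Telerik.Windows.Controls.for.Wpf.Xaml); both assumptions are marked in the code.

```powershell
# Added example (not the vendor's code): find Telerik UI for WPF assemblies and
# package references below the fixed release and exit non-zero if any are found.
# Assumptions: Telerik file versions start with the release number
# (e.g. 2024.4.1213.45) and package ids start with "Telerik.Windows".
param(
    [string]$Root = '.',
    [version]$FixedVersion = [version]'2024.4.1213'
)

function ConvertTo-ReleaseVersion {
    # Normalise "2024.4.1213.45", "2024.4.1213" or "2024.4.1213-something" to a
    # comparable major.minor.build [version]; returns $null if unparseable.
    param([string]$Raw)
    if ($Raw -match '^\s*(\d+)\.(\d+)\.(\d+)') {
        return [version]"$($Matches[1]).$($Matches[2]).$($Matches[3])"
    }
    return $null
}

function Get-Status {
    param([version]$Found, [version]$Fixed)
    if ($null -eq $Found)  { return 'UNKNOWN' }     # could not parse; investigate manually
    if ($Found -lt $Fixed) { return 'VULNERABLE' }
    return 'FIXED'
}

function Get-TelerikWpfFindings {
    param([string]$Path, [version]$Fixed)

    # 1. Deployed or built binaries: read the file version of each Telerik.Windows.*.dll
    Get-ChildItem -Path $Path -Recurse -File -Filter 'Telerik.Windows.*.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ver = ConvertTo-ReleaseVersion $_.VersionInfo.FileVersion
            [pscustomobject]@{
                Source  = 'Assembly'
                Item    = $_.FullName
                Version = $_.VersionInfo.FileVersion
                Status  = Get-Status $ver $Fixed
            }
        }

    # 2. Source trees: <PackageReference Include=".." Version=".."/> in *.csproj and
    #    <package id=".." version=".."/> in packages.config. A Version given as a
    #    nested <Version> element is not matched by this pattern.
    $pattern = '<(?:PackageReference|package)\s+(?:Include|id)="(Telerik\.Windows[^"]*)"[^>]*?(?:Version|version)="([^"]+)"'
    Get-ChildItem -Path $Path -Recurse -File -Include '*.csproj', 'packages.config' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            $text = Get-Content -Path $file -Raw
            foreach ($m in [regex]::Matches($text, $pattern)) {
                $ver = ConvertTo-ReleaseVersion $m.Groups[2].Value
                [pscustomobject]@{
                    Source  = 'PackageRef'
                    Item    = "$file :: $($m.Groups[1].Value)"
                    Version = $m.Groups[2].Value
                    Status  = Get-Status $ver $Fixed
                }
            }
        }
}

$findings = @(Get-TelerikWpfFindings -Path $Root -Fixed $FixedVersion)
$findings | Format-Table Status, Version, Item -AutoSize

$notFixed = @($findings | Where-Object Status -ne 'FIXED')
if ($notFixed.Count -gt 0) {
    Write-Warning "$($notFixed.Count) Telerik UI for WPF reference(s) below $FixedVersion or unparseable; rebuild against $FixedVersion or later."
    exit 1
}
Write-Host "All Telerik UI for WPF references found under '$Root' are $FixedVersion or later."
```

Run it against a deployment directory on an end-user machine or a file server share (`.\Check-TelerikWpf.ps1 -Root 'C:\Program Files\Contoso\InvoiceViewer'`) as well as against the source repository; the non-zero exit code makes it usable as a gate in a build pipeline. The three-part comparison deliberately ignores the fourth version component, which on Telerik builds encodes the target framework rather than the release.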
📡 Detection & Monitoring
Log Indicators:
- SerializationException or other deserialization errors in the application's own logs or in the Windows Application event log (.NET Runtime unhandled-exception events)
- Stack traces that pass through Telerik.Windows assemblies while deserializing data
- Unexpected child processes (command shells, script hosts, LOLBins) spawned by the application process
Network Indicators:
- Unusual serialized data patterns in requests, where the application exchanges serialized data over HTTP
- Unexpectedly large binary payloads delivered to the application (over the network or as files)
- Suspicious outbound connections from the host running the application shortly after a deserialization error
SIEM Query:
source="application_logs" AND "Telerik" AND ("deserializ*" OR "SerializationException") AND ("error" OR "exception")
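Detection logic for the log and process indicators above, as an added PowerShell example that is not part of this advisory. It runs here over constructed sample events shaped like Get-WinEvent output (Windows Application log .NET Runtime event 1026, Sysmon event 1 and Security event 4688) and flags deserialization errors mentioning Telerik as well as shells or script hosts spawned by the monitored application, raising the severity when both occur within a short window. The application name InvoiceViewer.exe and the sample events are hypothetical.

```powershell
# Added example (not from the advisory): correlate Telerik deserialization errors
# with suspicious child processes of the affected application.
# Assumptions: events carry TimeCreated/ProviderName/Id/Message like Get-WinEvent;
# the monitored WPF application is InvoiceViewer.exe (hypothetical).
$MonitoredApps      = @('InvoiceViewer.exe')
$SuspiciousChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'mshta.exe',
                        'rundll32.exe', 'regsvr32.exe', 'wscript.exe', 'cscript.exe', 'certutil.exe')

function Get-FieldValue {
    # Extract the first matching "Name: value" line from a multi-line event message.
    param([string]$Message, [string[]]$Names)
    foreach ($n in $Names) {
        if ($Message -match "(?m)^\s*$([regex]::Escape($n)):\s*(.+?)\s*$") { return $Matches[1] }
    }
    return $null
}

function Find-TelerikDeserializationIndicators {
    param([object[]]$Events, [int]$CorrelationMinutes = 10)
    $findings = @(); $runtimeErrors = @()

    # Pass 1: log indicator - runtime errors whose trace mentions Telerik and (de)serialization
    foreach ($e in $Events) {
        $msg = [string]$e.Message
        if ($e.ProviderName -in @('.NET Runtime', 'Application Error') -and
            $msg -match 'Telerik\.Windows' -and
            $msg -match '(?i)deserializ|SerializationException') {
            $app = Get-FieldValue -Message $msg -Names @('Application')
            $runtimeErrors += [pscustomobject]@{ Time = $e.TimeCreated; App = $app }
            $findings += [pscustomobject]@{ Time = $e.TimeCreated; Severity = 'Medium'
                Kind = 'DeserializationError'; App = $app; Detail = "provider=$($e.ProviderName) id=$($e.Id)" }
        }
    }
    # Pass 2: process indicator - monitored app spawning a shell/script host/LOLBin
    foreach ($e in $Events) {
        $isProcCreate = ($e.ProviderName -eq 'Microsoft-Windows-Sysmon' -and $e.Id -eq 1) -or
                        ($e.ProviderName -eq 'Microsoft-Windows-Security-Auditing' -and $e.Id -eq 4688)
        if (-not $isProcCreate) { continue }
        $msg    = [string]$e.Message
        $child  = Get-FieldValue -Message $msg -Names @('Image', 'New Process Name')
        $parent = Get-FieldValue -Message $msg -Names @('ParentImage', 'Creator Process Name')
        if (-not $child -or -not $parent) { continue }
        $childName  = [IO.Path]::GetFileName($child)
        $parentName = [IO.Path]::GetFileName($parent)
        if ($parentName -in $MonitoredApps -and $childName -in $SuspiciousChildren) {
            # A deserialization error from the same app shortly before raises severity
            $prior = @($runtimeErrors | Where-Object {
                $_.App -eq $parentName -and $_.Time -le $e.TimeCreated -and
                $_.Time -ge $e.TimeCreated.AddMinutes(-$CorrelationMinutes) })
            $sev = if ($prior.Count -gt 0) { 'High' } else { 'Medium' }
            $findings += [pscustomobject]@{ Time = $e.TimeCreated; Severity = $sev
                Kind = 'SuspiciousChildProcess'; App = $parentName; Detail = "$parentName -> $childName" }
        }
    }
    $findings | Sort-Object Time
}

# Constructed sample events (hypothetical; field layout follows the real event text formats)
$sampleEvents = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-12-20T10:15:02'; ProviderName = '.NET Runtime'; Id = 1026
        Message = "Application: InvoiceViewer.exe`nFramework Version: v4.0.30319`nDescription: The process was terminated due to an unhandled exception.`nException Info: System.Runtime.Serialization.SerializationException`n   at Telerik.Windows.Controls.<hypothetical frame>`n" }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-12-20T10:16:40'; ProviderName = 'Microsoft-Windows-Sysmon'; Id = 1
        Message = "Process Create:`nImage: C:\Windows\System32\cmd.exe`nCommandLine: cmd.exe /c whoami`nParentImage: C:\Program Files\Contoso\InvoiceViewer.exe`n" }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-12-20T10:20:00'; ProviderName = 'Microsoft-Windows-Security-Auditing'; Id = 4688
        Message = "A new process has been created.`nNew Process Name: C:\Windows\System32\notepad.exe`nCreator Process Name: C:\Windows\explorer.exe`n" }
)

Find-TelerikDeserializationIndicators -Events $sampleEvents | Format-Table Time, Severity, Kind, App, Detail -AutoSize
```

Against live hosts, replace the sample array with real records, for example `Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='.NET Runtime'; StartTime=(Get-Date).AddDays(-1)}` combined with Sysmon or Security log queries, and adjust $MonitoredApps to the executables that bundle Telerik UI for WPF. Only the cmd.exe launch from InvoiceViewer.exe is reported as High, because it follows a matching deserialization error within the window; the notepad launch from Explorer is ignored.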