CVE-2024-11629
📋 TL;DR
This vulnerability in Progress Telerik Document Processing Libraries allows attackers to export the contents of arbitrary files to RTF format, potentially exposing sensitive system files. It affects applications using Telerik Document Processing Libraries with .NET Standard 2.0. Organizations using these libraries in their .NET applications are at risk.
💻 Affected Systems
- Progress Telerik Document Processing Libraries
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files like configuration files, credentials, or database files, leading to complete system compromise and data exfiltration.
Likely Case
Unauthorized access to application configuration files, source code, or other sensitive files stored on the server, potentially enabling further attacks.
If Mitigated
Limited impact if proper file system permissions restrict access to sensitive directories and files.
🎯 Exploit Status
Exploitation requires the application to be using the vulnerable file export functionality. Attackers need to be able to trigger the export operation with a malicious path parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025 Q1 (2025.1.205) or later
Vendor Advisory: https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629
Restart Required: No
Instructions:
1. Update all Telerik Document Processing Libraries to version 2025.1.205 or later. 2. Rebuild and redeploy affected applications. 3. Test the updated applications to ensure functionality.
🔧 Temporary Workarounds
Input Validation and Sanitization
allImplement strict input validation on file path parameters to prevent directory traversal and restrict to allowed directories only.
File System Permissions Restriction
allConfigure the application to run with minimal file system permissions, restricting access to sensitive directories.
🧯 If You Can't Patch
- Implement strict input validation to reject any file paths containing directory traversal sequences (../, ..\)
- Configure the application to run with the least privilege necessary, using file system ACLs to restrict access to sensitive directories
🔍 How to Verify
Check if Vulnerable:
Check the version of Telerik Document Processing Libraries referenced in your project files (packages.config, .csproj, or similar). Verify if version is below 2025.1.205.Check Version:
Check project configuration files or use: dotnet list package | findstr TelerikVerify Fix Applied:
Confirm the Telerik Document Processing Libraries version is 2025.1.205 or higher in your application dependencies. Test the file export functionality with various inputs.📡 Detection & Monitoring
Log Indicators:
- Unusual file path patterns in application logs, especially containing ../ or ..\ sequences
- Failed file access attempts to sensitive system paths
Network Indicators:
- HTTP requests with unusual file path parameters in POST/PUT data or query strings
SIEM Query:
source="application_logs" AND ("../" OR "..\\" OR "/etc/" OR "/windows/" OR "C:\\") AND "export" AND "RTF"