CVE-2024-7575 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2024-7575?

CVE-2024-7575 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary commands on systems running vulnerable versions of Progress Telerik UI for WPF. Attackers can exploit improper neutralization of hyperlink elements to inject malicious commands. Organizations using affected Telerik UI for WPF versions in their Windows applications are at risk.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary commands on systems running vulnerable versions of Progress Telerik UI for WPF. Attackers can exploit improper neutralization of hyperlink elements to inject malicious commands. Organizations using affected Telerik UI for WPF versions in their Windows applications are at risk.

💻 Affected Systems

Products:

Progress Telerik UI for WPF

Versions: All versions prior to 2024 Q3 (2024.3.924)

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Applications must use Telerik hyperlink controls to be vulnerable. Custom implementations may not be affected.

📦 What is this software?

Ui For Wpf by Telerik

View all CVEs affecting Ui For Wpf →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with remote code execution, allowing attackers to install malware, steal data, or pivot to other systems.

🟠

Likely Case

Limited command execution within application context, potentially leading to data exfiltration, privilege escalation, or lateral movement.

🟢

If Mitigated

No impact if application is properly patched or uses input validation/sanitization for hyperlink elements.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction with malicious hyperlinks, but no authentication is needed once the link is triggered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3.924 (2024 Q3 release)

Vendor Advisory: https://docs.telerik.com/devtools/wpf/knowledge-base/command-injection-cve-2024-7575

Restart Required: Yes

Instructions:

1. Update Telerik UI for WPF to version 2024.3.924 or later. 2. Rebuild and redeploy affected applications. 3. Restart applications/services using the updated components.

🔧 Temporary Workarounds

Input Validation for Hyperlinks

windows

Implement strict input validation and sanitization for all hyperlink content before processing.

Disable Untrusted Hyperlinks

windows

Configure applications to disable or restrict hyperlink functionality from untrusted sources.

🧯 If You Can't Patch

Implement network segmentation to isolate vulnerable applications from critical systems.
Deploy application control solutions to restrict execution of unauthorized commands.

🔍 How to Verify

Check if Vulnerable:

Check application dependencies for Telerik UI for WPF versions below 2024.3.924.

Check Version:

Check project references or package manager (NuGet) for Telerik.UI.for.Wpf version.

Verify Fix Applied:

Verify Telerik UI for WPF version is 2024.3.924 or higher in application dependencies.

📡 Detection & Monitoring

Log Indicators:

Unusual process execution from WPF applications
Suspicious command-line arguments in process logs

Network Indicators:

Unexpected outbound connections from WPF applications
Command and control traffic patterns

SIEM Query:

Process Creation where (CommandLine contains suspicious patterns) AND (ParentImage contains wpf-related executables)

📊 Metadata

CVE ID: CVE-2024-7575

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: September 25, 2024

Last Updated: October 3, 2024

🔗 References

https://docs.telerik.com/devtools/wpf/knowledge-base/command-injection-cve-2024-7575 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7575, you might also want to check these: