Lucene search
K

Progress Telerik UI for WPF 2024.4.1213 (CVE-2024-10095)

🗓️ 19 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 19 Views

Remote host has an outdated Telerik UI for WPF vulnerable to code execution risk (CVE-2024-10095).

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-10095
16 Dec 202419:02
circl
CNNVD
Progress Telerik UI 代码问题漏洞
16 Dec 202400:00
cnnvd
CVE
CVE-2024-10095
16 Dec 202416:59
cve
Cvelist
CVE-2024-10095 Progress UI for WPF format provider unsafe deserialization vulnerability
16 Dec 202416:59
cvelist
EUVD
EUVD-2024-33556
3 Oct 202520:07
euvd
NVD
CVE-2024-10095
16 Dec 202417:15
nvd
OSV
CVE-2024-10095
16 Dec 202417:15
osv
Positive Technologies
PT-2024-16023 · Telerik · Telerik Ui For Wpf
16 Dec 202400:00
ptsecurity
RedhatCVE
CVE-2024-10095
5 Feb 202505:12
redhatcve
Vulnrichment
CVE-2024-10095 Progress UI for WPF format provider unsafe deserialization vulnerability
16 Dec 202416:59
vulnrichment
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(213244);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/27");

  script_cve_id("CVE-2024-10095");
  script_xref(name:"IAVB", value:"2024-B-0199");

  script_name(english:"Progress Telerik UI for WPF 2024.4.1213 (CVE-2024-10095)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of Progress Telerik UI for WPF installed on the remote host is prior to 2024.4.1213. It is, therefore,
affected by a vulnerability as referenced in the CVE-2024-10095 advisory.

  - In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is
    possible through an insecure deserialization vulnerability. (CVE-2024-10095)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-vulnerability-cve-2024-10095
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9a059ae8");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Progress Telerik UI for WPF version 2024.4.1213 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-10095");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/12/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:telerik:ui_for_wpf");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2024-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("progress_telerik_ui_for_wpf_installed.nbin");
  script_require_keys("installed_sw/Progress Telerik UI for WPF", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');

var app_info = vcf::get_app_info(app:'Progress Telerik UI for WPF', win_local:TRUE);

if (!app_info.wpf_installed)
{
  audit(AUDIT_HOST_NOT, 'using a vulnerable configuration');
}

var constraints = [
  { 'fixed_version' : '2024.4.1213' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Aug 2025 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.18.4 - 9.8
EPSS0.00743
SSVC
19