RCE in Progress Telerik_ui_for_winforms
CVE-2024-3892
A local code execution vulnerability exists in Telerik UI for WinForms from v2021.1.122 up to, but not including, v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.002 (12.1th percentile)
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Progress Telerik_ui_for_winforms
- Progress Software Corporation Telerik Ui For Winforms — versions v2021.1.122
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security@progress.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2024-3892?
- CVE-2024-3892 is a high-severity vulnerability in Progress Telerik_ui_for_winforms, classified under Code Injection. CVSS score: 7.2/10. Published 2024-05-15.
- How severe is CVE-2024-3892?
- High severity. CVSS v3 base score is 7.2 out of 10.
- Is CVE-2024-3892 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.