RCE in Progress Telerik_ui_for_winforms

CVE-2024-3892

A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.002 (12.1st percentile).

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2024-3892?
CVE-2024-3892 is a high-severity vulnerability in Progress Telerik_ui_for_winforms, classified under Code Injection. CVSS score: 7.2/10. Published 2024-05-15.
How severe is CVE-2024-3892?
High severity. CVSS v3 base score is 7.2 out of 10.
Is CVE-2024-3892 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.