CVE-2020-7473

7.5HIGH

Key Information

Vendor: Citrix
Status: Sharefile Storagezones Controller
Vendor: CVE Published:; 7 May 2020

Badges

👾 Exploit Exists🔴 Public PoC

Summary

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CTX-CVE-2020-7473
Created by DimitriNL

Refferences

https://support.citrix.com/article/CTX269106

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 5, 2024
Vulnerability published.
May 7, 2020
Vulnerability Reserved.
Jan 21, 2020

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)