Remote Compromise in Customer-Managed ShareFile Storage Zones Controller by Citrix
CVE-2023-24489
Key Information:
- Vendor
- Citrix
- Vendor
- CVE Published:
- 10 July 2023
Badges
Summary
A significant vulnerability has been identified in the customer-managed ShareFile Storage Zones Controller by Citrix. This vulnerability enables an unauthenticated attacker to potentially gain unauthorized remote access and compromise the system, posing serious security risks for users relying on this storage solution. It is essential for organizations using this product to apply the necessary mitigations and stay informed about updates.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Citrix ShareFile Storage Zones Controller 0 < 5.11.24
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
Help Net SecurityCVE-2023-24489Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) - Help Net Security
CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers.
References
EPSS Score
97% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- π°
First article discovered by Help Net Security
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved