Security News > 2023 > August > CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities catalog, based on evidence of active in-the-wild exploitation.
"This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix said in an advisory released in June.
It's worth noting that the first signs of exploitation of the vulnerability emerged toward the end of July 2023.
"CVE-2023-24489 is a cryptographic bug in Citrix ShareFile's Storage Zones Controller, a.NET web application running under IIS," GreyNoise said.
"The application uses AES encryption with CBC mode and PKCS7 padding but does not correctly validate decrypted data. This oversight allows attackers to generate valid padding and execute their attack, leading to unauthenticated arbitrary file upload and remote code execution."
The development comes as security alarms have been raised about active exploitation of CVE-2023-3519, a critical vulnerability affecting Citrix's NetScaler product, to deploy PHP web shells on compromised appliances and gain persistent access.
News URL
https://thehackernews.com/2023/08/cisa-adds-citrix-sharefile-flaw-to-kev.html
Related news
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database (source)
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks (source)
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed (source)
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products Unauthenticated remote code execution | 9.8 |
| 2023-07-10 | CVE-2023-24489 | Unspecified vulnerability in Citrix Sharefile Storage Zones Controller A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | 9.8 |