Security News > 2023 > August > CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities catalog, based on evidence of active in-the-wild exploitation.

"This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix said in an advisory released in June.

It's worth noting that the first signs of exploitation of the vulnerability emerged toward the end of July 2023.

"CVE-2023-24489 is a cryptographic bug in Citrix ShareFile's Storage Zones Controller, a.NET web application running under IIS," GreyNoise said.

"The application uses AES encryption with CBC mode and PKCS7 padding but does not correctly validate decrypted data. This oversight allows attackers to generate valid padding and execute their attack, leading to unauthenticated arbitrary file upload and remote code execution."

The development comes as security alarms have been raised about active exploitation of CVE-2023-3519, a critical vulnerability affecting Citrix's NetScaler product, to deploy PHP web shells on compromised appliances and gain persistent access.

News URL

https://thehackernews.com/2023/08/cisa-adds-citrix-sharefile-flaw-to-kev.html