CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities catalog, based on evidence of active in-the-wild exploitation.
"This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix said in an advisory released in June.
It's worth noting that the first signs of exploitation of the vulnerability emerged toward the end of July 2023.
"CVE-2023-24489 is a cryptographic bug in Citrix ShareFile's Storage Zones Controller, a .NET web application running under IIS," GreyNoise said.
"The application uses AES encryption with CBC mode and PKCS7 padding but does not correctly validate decrypted data. This oversight allows attackers to generate valid padding and execute their attack, leading to unauthenticated arbitrary file upload and remote code execution."
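The bug class GreyNoise describes is an unauthenticated AES-CBC decrypt whose outcome (padding accepted or rejected, plaintext then trusted) is observable to the caller. The following C# is an added illustration, not Citrix's or GreyNoise's code and not taken from the ShareFile product: it places the weak pattern next to an encrypt-then-MAC design that verifies an HMAC over IV||ciphertext before any decryption and then validates the decrypted value against what the application expects. The class and method names, the 16-byte IV / 32-byte tag layout, the in-process key generation and the file-name validation rule are all assumptions made for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not Citrix code. Weak CBC/PKCS7 decrypt beside a verify-then-decrypt design.
public static class TokenProtection
{
    // --- Weak pattern: decrypt, then trust whatever came out ----------------------------
    // No integrity check, and bad padding surfaces as a distinct CryptographicException,
    // so tampered input and honest input are distinguishable and undetected.
    public static string DecryptUnauthenticated(byte[] key, byte[] iv, byte[] ciphertext)
    {
        using var aes = Aes.Create();
        aes.Key = key; aes.IV = iv;
        aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
        using var dec = aes.CreateDecryptor();
        byte[] plain = dec.TransformFinalBlock(ciphertext, 0, ciphertext.Length); // throws on bad padding
        return Encoding.UTF8.GetString(plain);                                   // returned unvalidated
    }

    // --- Hardened pattern: encrypt-then-MAC; blob = IV(16) || ciphertext || HMAC-SHA256 tag(32)
    public static byte[] Protect(byte[] encKey, byte[] macKey, string plaintext)
    {
        using var aes = Aes.Create();
        aes.Key = encKey; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
        aes.GenerateIV();
        byte[] iv = aes.IV;
        using var enc = aes.CreateEncryptor();
        byte[] input = Encoding.UTF8.GetBytes(plaintext);
        byte[] ct = enc.TransformFinalBlock(input, 0, input.Length);

        byte[] ivAndCt = new byte[iv.Length + ct.Length];
        Buffer.BlockCopy(iv, 0, ivAndCt, 0, iv.Length);
        Buffer.BlockCopy(ct, 0, ivAndCt, iv.Length, ct.Length);
        using var hmac = new HMACSHA256(macKey);
        byte[] tag = hmac.ComputeHash(ivAndCt);            // tag covers IV and ciphertext

        byte[] blob = new byte[ivAndCt.Length + tag.Length];
        Buffer.BlockCopy(ivAndCt, 0, blob, 0, ivAndCt.Length);
        Buffer.BlockCopy(tag, 0, blob, ivAndCt.Length, tag.Length);
        return blob;
    }

    public static bool TryUnprotect(byte[] encKey, byte[] macKey, byte[] blob, out string plaintext)
    {
        plaintext = null;
        const int IvLen = 16, TagLen = 32;
        if (blob == null || blob.Length < IvLen + TagLen + 16) return false;

        // 1. Verify the tag in constant time BEFORE decrypting: padding is never examined on
        //    unauthenticated data, and every rejection looks identical to the caller.
        int ivAndCtLen = blob.Length - TagLen;
        byte[] expectedTag;
        using (var hmac = new HMACSHA256(macKey))
            expectedTag = hmac.ComputeHash(blob, 0, ivAndCtLen);
        byte[] actualTag = new byte[TagLen];
        Buffer.BlockCopy(blob, ivAndCtLen, actualTag, 0, TagLen);
        if (!CryptographicOperations.FixedTimeEquals(expectedTag, actualTag)) return false;

        // 2. Only now decrypt.
        byte[] iv = new byte[IvLen];
        Buffer.BlockCopy(blob, 0, iv, 0, IvLen);
        byte[] ct = new byte[ivAndCtLen - IvLen];
        Buffer.BlockCopy(blob, IvLen, ct, 0, ct.Length);
        using var aes = Aes.Create();
        aes.Key = encKey; aes.IV = iv;
        aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
        using var dec = aes.CreateDecryptor();
        string s = Encoding.UTF8.GetString(dec.TransformFinalBlock(ct, 0, ct.Length));

        // 3. Still validate the decrypted value against the application's expectation
        //    (assumed here: a bare file name, no separators or traversal), not just "it decrypted".
        if (s.Length == 0 || s.IndexOfAny(new[] { '/', '\\', '\0' }) >= 0 || s.Contains("..")) return false;
        plaintext = s;
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        byte[] encKey = RandomNumberGenerator.GetBytes(32); // .NET 6+; separate keys for AES and HMAC
        byte[] macKey = RandomNumberGenerator.GetBytes(32);
        byte[] blob = TokenProtection.Protect(encKey, macKey, "report.pdf");
        Console.WriteLine(TokenProtection.TryUnprotect(encKey, macKey, blob, out var name) + " " + name); // True report.pdf
        blob[blob.Length - 40] ^= 0x01; // one flipped ciphertext bit: rejected by the tag check, never decrypted
        Console.WriteLine(TokenProtection.TryUnprotect(encKey, macKey, blob, out _));                   // False
    }
}
```

The defensive point is the ordering in TryUnprotect: integrity is checked on the raw bytes with a fixed-time comparison first, so an attacker-modified ciphertext is discarded before CBC padding is ever evaluated, and the plaintext is then checked for the shape the application requires. A modern alternative to hand-built encrypt-then-MAC is an AEAD mode such as AES-GCM (System.Security.Cryptography.AesGcm), which gives the same verify-before-use property in one primitive.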
The development comes as security alarms have been raised about active exploitation of CVE-2023-3519, a critical vulnerability affecting Citrix's NetScaler product, to deploy PHP web shells on compromised appliances and gain persistent access.
News URL: https://thehackernews.com/2023/08/cisa-adds-citrix-sharefile-flaw-to-kev.html
Related news
- CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
- CISA confirms critical Cleo bug exploitation in ransomware attacks
- Citrix shares mitigations for ongoing Netscaler password spray attacks
- CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
- CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
- CISA warns of critical Oracle, Mitel flaws exploited in attacks
- CISA orders agencies to patch BeyondTrust bug exploited in attacks
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products. Unauthenticated remote code execution. | 9.8 |
| 2023-07-10 | CVE-2023-24489 | Unspecified vulnerability in Citrix ShareFile Storage Zones Controller. A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | 9.8 |