Security News > 2023 > August > CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities catalog, based on evidence of active in-the-wild exploitation.
"This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix said in an advisory released in June.
It's worth noting that the first signs of exploitation of the vulnerability emerged toward the end of July 2023.
"CVE-2023-24489 is a cryptographic bug in Citrix ShareFile's Storage Zones Controller, a.NET web application running under IIS," GreyNoise said.
"The application uses AES encryption with CBC mode and PKCS7 padding but does not correctly validate decrypted data. This oversight allows attackers to generate valid padding and execute their attack, leading to unauthenticated arbitrary file upload and remote code execution."
The development comes as security alarms have been raised about active exploitation of CVE-2023-3519, a critical vulnerability affecting Citrix's NetScaler product, to deploy PHP web shells on compromised appliances and gain persistent access.
News URL
https://thehackernews.com/2023/08/cisa-adds-citrix-sharefile-flaw-to-kev.html
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Citrix shares mitigations for ongoing Netscaler password spray attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products Unauthenticated remote code execution | 9.8 |
2023-07-10 | CVE-2023-24489 | Unspecified vulnerability in Citrix Sharefile Storage Zones Controller A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | 9.8 |