Satellite Providers


U.S. Cybersecurity Agency Adds Critical Security Flaw in Citrix ShareFile to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken due to evidence of active exploitation in the wild. Tracked as CVE-2023-24489, the vulnerability has a CVSS score of 9.8 and is classified as an improper access control bug. If successfully exploited, it could allow an unauthenticated attacker to compromise vulnerable instances remotely. The vulnerability originates from ShareFile’s handling of cryptographic operations, enabling attackers to upload arbitrary files and execute remote code.

Citrix released an advisory in June, stating that the vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller prior to version 5.11.24. The issue was discovered and reported by Dylan Pindur of Assetnote. The first signs of exploitation were observed in late July 2023. The identity of the threat actors behind the attacks remains unknown.

The vulnerability has attracted the attention of the Cl0p ransomware gang, which has a history of taking advantage of zero-day vulnerabilities in managed file transfer solutions. Threat intelligence firm GreyNoise has reported a significant increase in exploitation attempts targeting the flaw, with 75 unique IP addresses recorded on August 15, 2023.

CVE-2023-24489 is a cryptographic bug in Citrix ShareFile’s Storage Zones Controller. The application uses AES encryption with CBC mode and PKCS7 padding but does not correctly validate the decrypted data. As a result, attackers can produce input that decrypts with valid padding and is accepted by the application, resulting in unauthenticated arbitrary file upload and remote code execution.

Federal Civilian Executive Branch (FCEB) agencies have been instructed to apply vendor-provided fixes to address the vulnerability by September 6, 2023. Additionally, concerns have been raised about the active exploitation of CVE-2023-3519, a critical vulnerability affecting Citrix’s NetScaler product, which allows attackers to deploy PHP web shells and gain persistent access to compromised appliances.
