A critical-severity vulnerability in the customer-managed ShareFile StorageZones Controller is being exploited in the wild. CVE-2023-24489 has been assigned a CVSS score of 9.1. Successful exploitation may allow an unauthenticated attacker to compromise the customer-managed ShareFile StorageZones Controller remotely. The vulnerability arises from improper resource control and may lead to unauthenticated remote compromise.
CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before September 6, 2023.
Citrix ShareFile is a managed file transfer SaaS cloud storage service that allows customers and employees to upload and download files securely.
Additionally, the service provides enterprise customers with a “StorageZones Controller” solution that enables them to set up private data storage and host files on compatible cloud infrastructure such as Windows Azure and Amazon S3.
Affected Versions
This vulnerability affects all currently supported customer-managed ShareFile StorageZones Controller versions before 5.11.24.
Mitigation
Customers must upgrade to Citrix ShareFile StorageZones Controller version 5.11.24 or later to patch the vulnerability.
Please refer to the Citrix Security Bulletin (CTX559517) for more information.
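The affected range ("before 5.11.24") is easy to get wrong in inventory scripts, because a plain string comparison of dotted versions puts "5.9.0" after "5.11.24". The following is an added example, not code from Qualys or Citrix: it parses version strings numerically and flags hosts whose reported StorageZones Controller version is still below the fixed release named in this advisory. The host names and versions are constructed sample data, and the page does not say how the controller reports its version, so obtaining that string from your own inventory tooling is assumed.

```python
import re

# Fixed release named in the advisory: customer-managed ShareFile StorageZones
# Controller 5.11.24. Every supported version below this is affected.
FIXED_VERSION = "5.11.24"


def parse_version(version):
    """Turn a dotted version string such as '5.11.24' into a tuple of ints so
    that components compare numerically (5.9.0 < 5.11.24), not as text."""
    cleaned = version.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", cleaned):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in cleaned.split("."))


def _pad(parts, width):
    """Right-pad a version tuple with zeros so '5.11.24' equals '5.11.24.0'."""
    return parts + (0,) * (width - len(parts))


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the given StorageZones Controller version is older than the
    fixed release, i.e. falls in the affected range for CVE-2023-24489."""
    found, patched = parse_version(version), parse_version(fixed)
    width = max(len(found), len(patched))
    return _pad(found, width) < _pad(patched, width)


def triage(inventory):
    """Return the hosts whose reported version still needs the 5.11.24 upgrade.
    `inventory` maps a host name to the controller version it reports."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed sample inventory: hypothetical host names and version strings.
SAMPLE_INVENTORY = {
    "szc-01.example.internal": "5.11.24",    # at the fixed release
    "szc-02.example.internal": "5.9.0",      # older, but sorts "higher" as a string
    "szc-03.example.internal": "5.11.23",    # one build below the fix
    "szc-04.example.internal": "5.12.1",     # newer than the fix
    "szc-05.example.internal": "5.11.24.0",  # same release, four-component form
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is below {FIXED_VERSION}, upgrade required")
```

Running the block lists only szc-02 and szc-03; the naive comparison `"5.9.0" < "5.11.24"` evaluates to False in Python, which is exactly the host a string-based check would miss.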
Qualys Detection
Qualys customers can scan their devices with QID 378615 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.