7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.796 High
EPSS
Percentile
98.3%
Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile usersβ documents and folders.
These issues have been given the following identifiers:
Customer-managed storage zones created using the following versions of the storage zones controller are affected:
Storage zones created using the recently released versions of storage zones controllers listed below are not affected:
Storage zones created using a vulnerable version of the storage zones controller are at risk even if the storage zones controller has been subsequently updated.
Customers with Citrix-managed storage zones do not need to take any action. Customers with customer-managed storage zones should ensure they are running on a supported version. In order to address the issue customers are strongly recommended to run the mitigation tool as soon as possible on the storage zone controllers managing each impacted storage zone by following the guidance in the following support article:
<https://support.citrix.com/article/CTX269341>__
Citrix thanks Danske Bank Red-Team for working with us on CVE-2020-8982 and CVE-2020-8983 to protect Citrix customers. Citirix would also like to thank Daniel Jensen (@dozernz) for working with us to protect Citrix customers.
Citrix is notifying customers and channel partners with customer-managed storage zone controllers about this potential security issue. This article is also available from the Citrix Knowledge Center at <http://support.citrix.com/>.
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at _ <https://www.citrix.com/support/open-a-support-case.html>_.
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please visit the Citrix Trust Center at <https://www.citrix.com/about/trust-center/vulnerability-process.html>.
Date | Change |
---|---|
2020-05-05 | Initial publication |
2020-06-24 | Fixed versions updated |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.796 High
EPSS
Percentile
98.3%