The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability to its catalog of known exploited vulnerabilities, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 6, 2023 to protect their networks against this active threat. We urge everyone else to take it seriously too, and preferably not to wait until the last moment.
According to the Citrix security advisory, this vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. Customers using ShareFile-managed storage zones in the cloud do not need to take any action.
Citrix customers should update to the latest version of ShareFile storage zones controller and read the instructions for upgrading. As an extra precaution, Citrix has blocked all customer-managed ShareFile storage zones controller versions prior to the latest version (5.11.24). Customers will be able to reinstate the storage zones controller once the update to 5.11.24 is applied.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The vulnerability at hand is listed as CVE-2023-24489 and has a CVSS score of 9.1 out of 10. It is a cryptographic bug in Citrix ShareFile's Storage Zones Controller, a .NET web application running under Internet Information Services (IIS). Due to errors in how ShareFile handles cryptographic operations, unauthenticated attackers can generate valid padding, which allows them to upload arbitrary files, leading to remote code execution (RCE).
Several proofs of concept (PoCs) have been made available since the vulnerability was discovered in July.
This year, the Cl0p ransomware gang has made extensive use of vulnerabilities in file transfer software. In March it emerged from dormancy to become the most active gang in the world by exploiting a zero-day vulnerability in GoAnywhere MFT. After going quiet for a few months it repeated the trick in June and July as its widespread exploitation of a MOVEit Transfer zero-day vulnerability became clear.
With Cl0p seemingly looking for exactly this kind of vulnerability, it should be a no-brainer that this needs to be patched as soon as possible.