US CISA has added critical flaw CVE-2023-24489 with a CVSS score 9.8 affecting Citrix ShareFile to its Known Exploited Vulnerabilities Catalog.
Citrix ShareFile is a secure file sharing and storage platform designed for businesses and professionals to collaborate on documents, exchange files, and manage content in a secure and efficient manner.
Content Collaboration is affected by an improper access control issue that can allow a remote, unauthenticated attacker to compromise customer-managed ShareFile storage zones controllers
Citrix addressed the vulnerability in June 2023 with the release of version 5.11.24.
Researchers from Greynoise warned at the end of July of the first attempts to exploit the vulnerability in Citrix ShareFile.
“Attackers can exploit this vulnerability by taking advantage of errors in ShareFile’s handling of cryptographic operations. The application uses AES encryption with CBC mode and PKCS7 padding but does not correctly validate decrypted data.” states Greynoise. “This oversight allows attackers to generate valid padding and execute their attack, leading to unauthenticated arbitrary file upload and remote code execution.”
Researchers at the cybersecurity firm Assetnote published technical details of the vulnerability and published (PoC) code for this flaw.
“A search online shows roughly 1000-6000 instances are internet accessible. This popularity, combined with the software being used to store sensitive data, meant if we found anything, it could have quite an impact.” reads the analysis published by Assetnote.
GreyNoisesearchers reported a huge spike in exploit activity today.
CISA orders federal agencies to fix this flaw by September 6, 2023.