Critical Citrix ShareFile Flaw Exploited in the Wild: CISA Warns


Citrix ShareFile is a cloud-based platform used by organizations to store and share large files. It also allows users to create branded, password-protected files through their services. 

ShareFile Storage Zone enables administrators to choose between ShareFile-managed, secure cloud storage or IT-managed storage zones (On-Prem) within an organization’s data center.

ShareFile Storage Zone Controller is an extended ShareFile Software as a Service cloud storage that offers private data storage with a ShareFile account.

Nevertheless, ShareFile has been discovered with a critical security flaw that allows threat actors to compromise customer-managed ShareFile Storage Zone controllers remotely.

In addition, this vulnerability has been added to the list of Known Exploited vulnerabilities by the CISA (Cybersecurity and Infrastructure Security Agency).

CVE-2023-24489: Improper Resource Control

Citrix ShareFile Storage Zone Controller is a .NET application that runs under IIS and uses AES encryption with CBC (Cipher Block Chaining) mode PKCS#7 (Public-Key Cryptography Standard) padding, which has a bug in validating the decrypted data.

Hence, this unauthenticated arbitrary file upload leading to remote code execution on Citrix ShareFile Storage Zone Controller exists due to an error in handling cryptographic operations.

The severity for this vulnerability was given as 9.8 (Critical) by NVD, as reported to Cyber Security News by GreyNoise.

As per the research from AssetNote, this vulnerability was initially started with a Path Traversal on the parentId parameter via upload.targetPath member variable. Furthermore, the encryption and authentication were researched and found with this cryptographic bug leading to remote code execution.

In addition, a PoC(Proof-of-concept) has been published on GitHub, opening a wide space for threat actors to target this vulnerability in vulnerable instances. As per the AssetNote report, 1000-6000 instances of ShareFile Storage Zone Controllers have been exposed on the internet.

Citrix has released patches for a vulnerability that affects Citrix ShareFile Content Collaboration. However, network access to the ShareFile storage zones controller is required to exploit this vulnerability.

Users of this product are recommended to upgrade to the latest version of Citrix to prevent threat actors from exploiting it.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.





Source link