
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats

We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Experts Warn Attackers Started Exploiting Citrix ShareFile RCE Flaw CVE-2023-24489

Cyber Security Threat Summary:
Citrix ShareFile is a widely used cloud-based file-sharing application that is affected by a critical remote code execution (RCE) flaw tracked as CVE-2023-24489 (CVSS score of 9.1). The flaw impacts the customer-managed ShareFile storage zones controller. An unauthenticated, remote attacker can trigger the flaw to compromise the controller by uploading an arbitrary file or executing arbitrary code.

Citrix addressed the vulnerability in June 2023 with the release of version 5.11.24.

"A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," the company said in an advisory.

Security Officer Comments:
Researchers from GreyNoise began warning of active attempts to exploit the vulnerability in Citrix ShareFile. The application uses AES encryption with CBC mode and PKCS7 padding, but does not properly validate the decrypted data. Using this flaw, threat actors are able to generate valid padding and execute an attack leading to unauthenticated arbitrary file upload and remote code execution.

GreyNoise has observed multiple IPs attempting to exploit this vulnerability. Researchers from Assetnote have published technical details and a proof of concept (PoC) for the flaw, so we expect active exploitation to increase as more threat actors weaponize this vulnerability.

Assetnote says they were able to scan the Internet and found roughly 1000-6000 instances of internet-accessible Citrix ShareFile applications.
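To show why a PKCS7 padding check on CBC-decrypted data is not integrity validation, the following added example (not code from Citrix, GreyNoise or Assetnote, and not the vendor's fix) contrasts a padding-only check with verifying an HMAC over the IV and ciphertext before any decryption. The function names are hypothetical, encrypt-then-MAC with HMAC-SHA256 is assumed as a general mitigation pattern, and the AES step is left out so the validation layer can be run on stand-in bytes.

```python
import hashlib
import hmac

BLOCK = 16      # AES block size in bytes
TAG_LEN = 32    # HMAC-SHA256 tag length in bytes

def pkcs7_unpad(data):
    """Strict PKCS7 removal; raises ValueError on malformed padding."""
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def seal(mac_key, iv, ciphertext):
    """Encrypt-then-MAC: append an HMAC-SHA256 tag over IV || ciphertext."""
    tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()
    return iv + ciphertext + tag

def open_sealed(mac_key, token):
    """Return (iv, ciphertext) only if the tag verifies; run before decrypting."""
    if len(token) < 2 * BLOCK + TAG_LEN:
        raise ValueError("token too short")
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return body[:BLOCK], body[BLOCK:]

def _passes(check, *args):
    """True if the given check accepts its input without raising."""
    try:
        check(*args)
        return True
    except ValueError:
        return False

def padding_only_accepts():
    # Of the 256 possible final bytes of an otherwise arbitrary decrypted
    # block, count how many pass the padding check alone.
    return sum(_passes(pkcs7_unpad, bytes(BLOCK - 1) + bytes([b])) for b in range(256))

def mac_accepts_modified(mac_key, token):
    # Count single-byte modifications of a sealed token that still verify.
    return sum(_passes(open_sealed, mac_key,
                       token[:i] + bytes([token[i] ^ 1]) + token[i + 1:])
               for i in range(len(token)))
```

A padding check accepts data that nobody with the key ever produced, while the MAC gate rejects every modified token before the decryptor sees it; anything the application later does with the plaintext (such as choosing an upload path) still needs its own validation.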

Suggested Correction(s):
Other PoC exploits have been published online. For this reason, experts warn that the number of attacks exploiting this issue will rapidly increase in the forthcoming days. Users should work to patch the issue as soon as possible.

Link(s):
https://support.citrix.com/article/
https://securityaffairs.com/148981/hacking/citrix-sharefile-cve-2023-24489-flaws-attacks.html