CVE-2023-24489 is a vulnerability in Citrix Sharefile Storage Zones Controller
Published on July 10, 2023
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
Known Exploited Vulnerability
This Citrix Content Collaboration ShareFile Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.
The following remediation steps are recommended / required by September 6, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2023-24489 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Products Associated with CVE-2023-24489
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-24489 are published in these products:
What versions of Sharefile Storage Zones Controller are vulnerable to CVE-2023-24489?
-
Citrix Sharefile Storage Zones Controller
Fixed in Version 5.11.24