Citrix ShareFile flaw added by CISA to KEV Catalog as a result of In-the-Wild Attacks.
Based on proof of ongoing in-the-wild abuse, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a serious security vulnerability in Citrix ShareFile storage regions controller to its Known Exploited Vulnerabilities (KEV) database.
The flaw, identified as CVE-2023-24489 (CVSS score: 9.8), has been characterized as an inappropriate access control bug that, if exploited, might enable a remote compromise of susceptible instances by an Unofficial Attacker.
The issue stems from the way ShareFile handles cryptographic activities, which allows attackers to upload any file they want and run remote code as a result.
Citrix stated in a June alert that “this issue impacts every one of the existing accepted versions of customer-managed ShareFile storage regions controller before version 5.11.24.” Assetnote’s Dylan Pindur is credited for finding and reporting the problem.
It’s important to note that the flaw was initially exploited at the end of July 2023.
Even though the true nature of the threat actors responsible for the breaches is unknown, the Cl0p ransomware gang has recently shown an especially strong interest in exploiting zero-day vulnerabilities in handled file transfer solutions like Accellion FTA, SolarWinds Serv-U, GoAnywhere MFT, and Progress MOVEit Transfer.
A considerable increase in attempts to exploit the vulnerability was seen, according to threat intelligence company GreyNoise, with as many as 75 unique IP addresses being logged on August 15, 2023, alone.
“CVE-2023-24489 is a cryptographic bug in Citrix ShareFile’s Storage Zones Controller, a .NET web-based application operating underneath IIS,” GreyNoise stated.
“The application employs CBC mode and PKCS7 padding along with AES encryption, but it fails to properly check encrypted data. This error makes it possible for attackers to create legitimate padding and carry out their attack, resulting in arbitrary file uploads and remote code execution.”
By September 6, 2023, Federal Civilian Executive Branch (FCEB) organizations are required to implement vendor-provided remedies to address the vulnerability.
The development occurs at the same time that security concerns have been highlighted over the ongoing exploitation of CVE-2023-3519, a serious vulnerability affecting Citrix’s NetScaler software, to install PHP web shells on vulnerable appliances and acquire persistent access.
About The Author:
Yogesh Naager is a content marketer that specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
Read More Article Here
Google Releases The First Implementation of A Quantum-Resistant FIDO2 Security Key.
About Author
English