CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation.

Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited, could allow an unauthenticated attacker to compromise vulnerable instances remotely.

The problem is rooted in ShareFile’s handling of cryptographic operations, enabling adversaries to upload arbitrary files, resulting in remote code execution.

“This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24,” Citrix said in an advisory released in June. Dylan Pindur of Assetnote has been credited with discovering and reporting the issue.

It’s worth noting that the first signs of exploitation of the vulnerability emerged toward the end of July 2023.

The identity of the threat actors behind the attacks is unknown, although the Cl0p ransomware gang has taken a particular interest in taking advantage of zero-days in managed file transfer solutions such as Accellion FTA, SolarWinds Serv-U, GoAnywhere MFT, and Progress MOVEit Transfer in recent years.

Threat intelligence firm GreyNoise said it observed a significant spike in exploitation attempts targeting the flaw, with as many as 75 unique IP addresses recorded on August 15, 2023, alone.

“CVE-2023-24489 is a cryptographic bug in Citrix ShareFile’s Storage Zones Controller, a .NET web application running under IIS,” GreyNoise said.

“The application uses AES encryption with CBC mode and PKCS7 padding but does not correctly validate decrypted data. This oversight allows attackers to generate valid padding and execute their attack, leading to unauthenticated arbitrary file upload and remote code execution.”

Federal Civilian Executive Branch (FCEB) agencies have been mandated to apply vendor-provided fixes to remediate the vulnerability by September 6, 2023.

The development comes as security alarms have been raised about active exploitation of CVE-2023-3519, a critical vulnerability affecting Citrix’s NetScaler product, to deploy PHP web shells on compromised appliances and gain persistent access.

Leave a Comment Cancel Reply

London, GB

9:55 am, Jul 13, 2025

18°C

L: 17° | H: 21°

Feels like 18°C° overcast clouds

Humidity: 81 %

Pressure: 1013 mb

Wind: 8 mph ENE

Wind Gust: 0 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 100%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 4:58 am

Sunset: 9:13 pm

DailyHourly

Daily ForecastHourly Forecast

Today 10:00 pm

17° | 21°°C 0 mm 0% 6 mph 81 % 1013 mb 0 mm/h

Tomorrow 10:00 pm

19° | 27°°C 0 mm 0% 15 mph 71 % 1015 mb 0 mm/h

Tue Jul 15 10:00 pm

15° | 22°°C 1 mm 100% 17 mph 85 % 1016 mb 0 mm/h

Wed Jul 16 10:00 pm

14° | 27°°C 0.11 mm 11% 11 mph 85 % 1017 mb 0 mm/h

Thu Jul 17 10:00 pm

18° | 27°°C 1 mm 100% 13 mph 95 % 1015 mb 0 mm/h

Today 10:00 am

18° | 22°°C 0 mm 0% 4 mph 81 % 1013 mb 0 mm/h

Today 1:00 pm

21° | 27°°C 0 mm 0% 3 mph 69 % 1013 mb 0 mm/h

Today 4:00 pm

26° | 30°°C 0 mm 0% 0 mph 45 % 1011 mb 0 mm/h

Today 7:00 pm

27° | 27°°C 0 mm 0% 6 mph 31 % 1008 mb 0 mm/h

Today 10:00 pm

23° | 23°°C 0 mm 0% 6 mph 40 % 1010 mb 0 mm/h

Tomorrow 1:00 am

19° | 19°°C 0 mm 0% 5 mph 40 % 1011 mb 0 mm/h

Tomorrow 4:00 am

20° | 20°°C 0 mm 0% 5 mph 52 % 1010 mb 0 mm/h

Tomorrow 7:00 am

19° | 19°°C 0 mm 0% 9 mph 71 % 1011 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€100,797.58	-0.01%
Ethereum(ETH)	€2,528.18	-0.27%
XRP(XRP)	€2.39	0.49%
Tether(USDT)	€0.86	0.00%
Solana(SOL)	€138.71	-0.19%
USDC(USDC)	€0.86	0.00%
Dogecoin(DOGE)	€0.169708	-1.11%
Shiba Inu(SHIB)	€0.000011	-1.43%
Pepe(PEPE)	€0.000010	-2.29%
Peanut the Squirrel(PNUT)	€0.246209	7.19%

CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

Share:

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us