The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation.
Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited, could allow an unauthenticated attacker to compromise vulnerable instances remotely.
The problem is rooted in ShareFile's handling of cryptographic operations, enabling adversaries to upload arbitrary files, resulting in remote code execution.
"This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix noted in an advisory released in June. Dylan Pindur of Assetnote has been credited with discovering and reporting the issue.
It is worth noting that the first signs of exploitation of the vulnerability emerged toward the end of July 2023.
The identity of the threat actors behind the attacks is unknown, although the Cl0p ransomware gang has taken a particular interest in exploiting zero-days in managed file transfer solutions such as Accellion FTA, SolarWinds Serv-U, GoAnywhere MFT, and Progress MOVEit Transfer in recent years.
Threat intelligence firm GreyNoise said it observed a significant spike in exploitation attempts targeting the flaw, with as many as 75 unique IP addresses recorded on August 15, 2023, alone.
"CVE-2023-24489 is a cryptographic bug in Citrix ShareFile's Storage Zones Controller, a .NET web application running under IIS," GreyNoise said.
"The application uses AES encryption with CBC mode and PKCS7 padding but does not properly validate decrypted data. This oversight allows attackers to generate valid padding and execute their attack, leading to unauthenticated arbitrary file upload and remote code execution."
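The failure mode GreyNoise describes, padding checked but plaintext never authenticated, is the classic CBC padding oracle. What follows is an added example written for this page; it is not ShareFile's code and not the CVE-2023-24489 exploit. It places a decrypt-then-unpad server check beside an encrypt-then-MAC version and runs a generic padding-oracle recovery routine against both: the first leaks the plaintext with no key, the second rejects every tampered ciphertext identically so the attack gets nothing. The block cipher is a toy HMAC-SHA256 Feistel network so the script runs with only the Python standard library; it is an assumed stand-in for AES, and the attack does not depend on which block cipher sits under CBC. The keys, function names and sample plaintext are all constructed for the example.

```python
"""Added example: CBC/PKCS7 padding oracle, vulnerable check beside a hardened one."""
import hashlib
import hmac
import os
BLOCK = 16  # block size in bytes; the toy cipher below uses 8-byte halves

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher (assumed stand-in for AES).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def vulnerable_oracle(key: bytes, iv: bytes, ct: bytes) -> bool:
    # Decrypts, then unpads; the caller learns whether padding was valid. That
    # one bit per query is the oracle: the ciphertext was never authenticated.
    try:
        pkcs7_unpad(cbc_decrypt(key, iv, ct))
        return True
    except ValueError:
        return False

def hardened_oracle(key: bytes, mac_key: bytes, iv: bytes, ct: bytes, tag: bytes) -> bool:
    # Encrypt-then-MAC: a modified ciphertext fails the constant-time tag check
    # before any decryption or padding check runs, so there is nothing to leak.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag) and vulnerable_oracle(key, iv, ct)

def padding_oracle_decrypt(oracle, iv: bytes, ct: bytes) -> bytes:
    """Recover plaintext without the key, given oracle(prev_block, ct_block) -> bool."""
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b""
    for prev, target in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)  # block_decrypt(target), learned right to left
        for pos in range(BLOCK - 1, -1, -1):
            pad = BLOCK - pos
            forged = bytearray(BLOCK)
            forged[pos + 1:] = bytes(b ^ pad for b in inter[pos + 1:])  # known bytes -> pad
            for guess in range(256):
                forged[pos] = guess
                if not oracle(bytes(forged), target):
                    continue
                if pos == BLOCK - 1:  # rule out an accidental 0x02 0x02 (etc.) match
                    alt = bytearray(forged)
                    alt[pos - 1] ^= 0xFF
                    if not oracle(bytes(alt), target):
                        continue
                inter[pos] = guess ^ pad
                break
            else:
                raise RuntimeError("oracle leaked nothing; attack fails")
        plain += _xor(inter, prev)
    return pkcs7_unpad(plain)

def demo():
    key, mac_key, iv = os.urandom(16), os.urandom(16), os.urandom(16)
    secret = b"constructed sample: upload token=4242"  # constructed test data
    ct = cbc_encrypt(key, iv, pkcs7_pad(secret))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    leaked = padding_oracle_decrypt(lambda p, c: vulnerable_oracle(key, p, c), iv, ct)
    try:
        padding_oracle_decrypt(lambda p, c: hardened_oracle(key, mac_key, p, c, tag), iv, ct)
        blocked = False
    except RuntimeError:
        blocked = True
    return leaked, blocked
```

`demo()` returns the plaintext recovered from the vulnerable endpoint and `True` for the hardened one having blocked the attack. The recovery loop submits each ciphertext block as a one-block message whose "IV" the attacker controls, so every query differs from the original only in a block the server never authenticated; the fix is not a better padding check but refusing to decrypt anything that does not carry a valid MAC (or using an AEAD mode such as AES-GCM), and returning one uniform error for every rejection.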
Federal Civilian Executive Branch (FCEB) agencies have been mandated to apply vendor-provided fixes to remediate the vulnerability by September 6, 2023.
The development comes as security alarms have been raised about active exploitation of CVE-2023-3519, a critical vulnerability impacting Citrix's NetScaler product, to deploy PHP web shells on compromised appliances and gain persistent access.
Some parts of this article are sourced from:
thehackernews.com