The Cybersecurity & Infrastructure Security Agency (CISA) from the USA warns of attacks on the cloud storage solution ShareFile StorageZones Controller from Citrix. Admins should install the protected edition immediately.
The US agency has listed the “critical” vulnerability (CVE-2023-24489) in its catalog of known exploited vulnerabilities. The extent of the attacks is currently unknown.
Assetnote security researchers discovered the vulnerability. They describe the cornerstones of the vulnerability in a detailed report. At its core, it is about errors in the implementation of AES encryption. If an attack works, attackers should be able to gain remote access without authentication, run their own code and thus compromise systems.
The vulnerability has been known since June 2023. Since then there is also the patched version 5.11.24.
Go to home page
#Patch #Attackers #attack #Citrix #ShareFile