The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation.
Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited, could allow an unauthenticated attacker to compromise vulnerable instances remotely.
The problem is rooted in ShareFile's handling of cryptographic operations, enabling adversaries to upload arbitrary files, resulting in remote code execution.

"This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix said in an advisory released in June. Dylan Pindur of Assetnote has been credited with discovering and reporting the issue.
It is worth noting that the first signs of exploitation of the vulnerability emerged towards the end of July 2023.
The identity of the threat actors behind the attacks is unknown, although the Cl0p ransomware gang has taken a particular interest in taking advantage of zero-days in managed file transfer solutions such as Accellion FTA, SolarWinds Serv-U, GoAnywhere MFT, and Progress MOVEit Transfer in recent years.
Threat intelligence firm GreyNoise said it observed a significant spike in exploitation attempts targeting the flaw, with as many as 75 unique IP addresses recorded on August 15, 2023, alone.

"CVE-2023-24489 is a cryptographic bug in Citrix ShareFile's Storage Zones Controller, a .NET web application running under IIS," GreyNoise said.
"The application uses AES encryption with CBC mode and PKCS7 padding but does not correctly validate decrypted data. This oversight allows attackers to generate valid padding and execute their attack, leading to unauthenticated arbitrary file upload and remote code execution."
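The bug class GreyNoise describes is unauthenticated CBC: the server decrypts attacker-controlled ciphertext and its behaviour reveals whether the PKCS7 padding came out valid. The Go code below is an added illustration, not ShareFile's code or anything from the advisory; it puts that vulnerable decrypt path beside the standard fix (verify an HMAC over IV and ciphertext in constant time before decrypting) so a single flipped byte is refused with one uniform error rather than a padding-specific one. Keys, IV and message are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// Distinct errors: surfacing errPadding separately from other failures is what creates an oracle.
var errPadding, errAuth = errors.New("bad padding"), errors.New("authentication failed")

// cbcDecrypt is the vulnerable pattern: AES-CBC decrypt iv||ct and check PKCS7 padding with
// nothing proving the ciphertext is genuine, so its result tells the caller if padding was valid.
func cbcDecrypt(key, blob []byte) ([]byte, error) {
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	block, _ := aes.NewCipher(key) // demo assumption: keys are valid 16-byte AES-128 keys
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:])
	p := int(pt[len(pt)-1])
	if p == 0 || p > aes.BlockSize || !bytes.Equal(pt[len(pt)-p:], bytes.Repeat([]byte{byte(p)}, p)) {
		return nil, errPadding
	}
	return pt[:len(pt)-p], nil
}

func mac(key, body []byte) []byte { m := hmac.New(sha256.New, key); m.Write(body); return m.Sum(nil) }

// authDecrypt is the hardened form (encrypt-then-MAC): verify HMAC-SHA256 over iv||ct in constant
// time first, so any modified blob fails with one uniform error before a padding byte is examined.
func authDecrypt(encKey, macKey, blob []byte) ([]byte, error) {
	n := len(blob) - sha256.Size
	if n < 0 || !hmac.Equal(mac(macKey, blob[:n]), blob[n:]) {
		return nil, errAuth
	}
	return cbcDecrypt(encKey, blob[:n])
}

// encrypt pads, AES-CBC encrypts under the 16-byte iv (random per message in real use; a
// parameter here so the demo is deterministic) and appends the tag, giving iv||ct||tag.
func encrypt(encKey, macKey, iv, pt []byte) []byte {
	block, _ := aes.NewCipher(encKey) // demo assumption: a valid 16-byte AES-128 key
	p := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(p)}, p)...)
	body := append(append([]byte{}, iv...), make([]byte, len(padded))...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(body[aes.BlockSize:], padded)
	return append(body, mac(macKey, body)...)
}
```

Flipping the last IV byte of a blob makes cbcDecrypt return errPadding while authDecrypt returns errAuth without ever decrypting; flipping the first IV byte makes cbcDecrypt hand back a silently altered plaintext, which authDecrypt also refuses. An AEAD mode such as AES-GCM achieves the same property without hand-rolled padding checks.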
Federal Civilian Executive Branch (FCEB) agencies have been mandated to apply vendor-provided fixes to remediate the vulnerability by September 6, 2023.
The development comes as security alarms have been raised about active exploitation of CVE-2023-3519, a critical vulnerability affecting Citrix's NetScaler product, to deploy PHP web shells on compromised appliances and gain persistent access.