The US Cybersecurity and Infrastructure Safety Company (CISA) has warned {that a} Citrix flaw patched in Might is being actively exploited within the wild.
CVE-2023-24489 was added to the company’s Recognized Exploited Vulnerabilities Catalog yesterday, with CISA warning it poses “vital dangers to the federal enterprise.”
The flaw is described as an improper entry management vulnerability in Citrix ShareFile (aka Citrix Content material Collaboration). If exploited, it “might enable an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller,” CISA mentioned.
Citrix launched an advisory on the crucial severity bug, which has a CVSS rating of 9.1, on June 13. Nonetheless, the vulnerability was patched in Might by ShareFile. The corporate contacted Infosecurity to verify that, by Might 11, over 83% of consumers had patched their environments, earlier than the incident was made public. It claimed the incident affected lower than 3% of its set up base.
“When this vulnerability was found, we labored with and notified impacted clients upfront of the introduced CVE to replace to the most recent model of our software program to guarantee the security of their information,” it added. “Our management airplane is now not linked to any ShareFile StorageZones Controller (SZC) that isn’t patched.”
Read more on flaws in file sharing software: Clop Ransom Gang Breaches Big Names Via MOVEit Flaw
Citrix Content material Collaboration is software program that enables enterprise file sync and sharing. Its storage zones controller function allows customers to increase these file sharing capabilities to non-public information storage so as to meet regulatory necessities.
“The storage zones that you just keep can reside in your on-premises single-tenant storage system or in supported third-party cloud storage. This contains Amazon S3 and Home windows Azure,” Citrix explains.
“Storage zones controller additionally offers customers with safe entry to SharePoint websites and community file shares by means of storage zone connectors. Storage zone connectors allow you to offer safe cellular entry to information residing behind your company firewall with out the necessity to migrate information to the cloud.”
File sharing providers have turn out to be a well-liked goal for ransomware teams over latest years, with the Clop group specifically exploiting zero-day vulnerabilities in MOVEit, and earlier in Accellion and GoAnywhere merchandise, to devastating impact.
That’s why CISA demands all federal civilian companies patch the vulnerability by September 6. Non-public enterprises are inspired to observe swimsuit.
