Citrix ShareFile has a remote code execution vulnerability [CVE-2023-24489]. By exploiting a seemingly innocuous cryptographic bug, an unauthenticated attacker can upload arbitrary files.
What To Do
Use the Product filter on the Companies List page in the Continuous Monitoring application to search for “ShareFile.” The results list companies that might use this product, based on firmographic data.
The firmographic data is based on qualitative evidence, indicating potential product use. Cross-check with information from your vendors/third parties to confirm whether they use the product and whether they use a version of the product known to be vulnerable.
Resources
- Assetnote Pty. Ltd., “Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)”
- Citrix Systems, Inc., “ShareFile StorageZones Controller Security Update for CVE-2023-24489”
Publication Date – August 21, 2023