Citrix Content Collaboration ShareFile Improper Access Control Vulnerability (CVE-2023-24489)
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.
A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2023-09-06 under CISA BOD 22-01.
This is a Software Vulnerability (CWE-284) (CWE-284) vulnerability in Citrix Content Collaboration. A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2023-08-16 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2023-09-06.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.