CVE-2023-24489
Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
DESCRIPTION
Citrix has released an update to address a security vulnerability affecting its product Citrix Content Collaboration. A vulnerability has been discovered in the ShareFile storage zone controller managed by customers. If exploited, this vulnerability could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zone controller.
This vulnerability affects all versions of the customer-managed ShareFile storage zone controller prior to version 5.11.24. Therefore, customers are advised to promptly upgrade to the patched version (5.11.24 or later) to mitigate this vulnerability.
If left unaddressed, this vulnerability could be exploited by attackers for malicious purposes. The vulnerability has been assigned CVE-2023-24489 (CVSS score: 9.1) with Critical severity.
Based on the CVSS score issued by the National Vulnerability Database (NVD), CVE-2023-24489 has a score of 9.8, which is categorized as Critical.
VULNERABILITY IMPACT
An attacker who successfully exploits this vulnerability can gain access to the ShareFile storage zone controller without needing valid credentials.
This means that the attacker can access sensitive data and configurations within the storage zone.
RECOMMENDATIONS
Upgrade Storage Zone Controller: If you are running a version of the customer-managed ShareFile storage zone controller earlier than 5.11.24, immediately upgrade to the patched version (5.11.24 or newer). This is the most crucial action to mitigate this vulnerability.
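Finding the controllers that still need the upgrade means comparing each reported version against 5.11.24 numerically, because a plain string comparison ranks 5.11.3 and 5.9.0 above 5.11.24. The following is an added example, not code from Citrix or this advisory; the hostnames and versions in the inventory are constructed, and how the version strings are collected is assumed to come from your own asset inventory.

```python
import re

PATCHED = (5, 11, 24)  # first fixed release named in the advisory


def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if it is not purely numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def pad(version, length):
    """Right-pad with zeros so '5.11' and '5.12.1.0' compare field by field."""
    return version + (0,) * (length - len(version))


def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    width = max(len(version), len(PATCHED))
    return "vulnerable" if pad(version, width) < pad(PATCHED, width) else "patched"


def triage(inventory):
    """Group (host, version) pairs by upgrade status."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory: hypothetical hostnames and reported versions.
INVENTORY = [
    ("szc-01.example.internal", "5.11.3"),    # string compare would call this patched
    ("szc-02.example.internal", "5.9.0"),     # same pitfall: "9" sorts after "1"
    ("szc-03.example.internal", "5.11.24"),
    ("szc-04.example.internal", "5.12.1.0"),  # four-part build number
    ("szc-05.example.internal", "5.11"),      # short form, treated as 5.11.0
    ("szc-06.example.internal", "n/a"),       # no usable version reported
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual version check before they are counted as patched.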
Here are the links providing further information and instructions regarding the ShareFile storage zone controller update: