image credit: Adobe Stock

CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

August 17, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation.

Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited, could allow an unauthenticated attacker to compromise vulnerable instances remotely.

The problem is rooted in ShareFile’s handling of cryptographic operations, enabling adversaries to upload arbitrary files, resulting in remote code execution.

Read More on The Hacker News