CVE-2023-24489
In short
An unauthenticated attacker can remotely compromise a customer-managed ShareFile storage zones controller without needing any credentials or authorization. This is critical because attackers can gain full control of the system and access sensitive files.
Technical detail
The vulnerability in the customer-managed ShareFile storage zones controller allows unauthenticated remote code execution due to improper access control (CWE-284). An attacker can exploit this without prior authentication to achieve complete system compromise and unrestricted access to stored data.
Summary generated and translated by AI from the official description.
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Citrix · Citrix ShareFile Storage Zones Controller
Public PoCs found — 2
github: github.com/adhikara13/CVE-2023-24489-ShareFile (★ 13)
github: github.com/whalebone7/CVE-2023-24489-poc (★ 1)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.