CISA Urges Patching of Actively Exploited Citrix Bug

Security

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a Citrix flaw patched in June is being actively exploited in the wild.

CVE-2023-24489 was added to the agency’s Known Exploited Vulnerabilities Catalog yesterday, with CISA warning it poses “significant risks to the federal enterprise.”

The flaw is described as an improper access control vulnerability in Citrix ShareFile (aka Citrix Content Collaboration). If exploited, it “could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller,” CISA said.

Citrix released an advisory on the critical severity bug, which has a CVSS score of 9.1, on June 13.

“This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24,” it said, when releasing the update.

Read more on flaws in file sharing software: Clop Ransom Gang Breaches Big Names Via MOVEit Flaw

Citrix Content Collaboration is software that allows enterprise file sync and sharing. Its storage zones controller feature enables users to extend these file sharing capabilities to private data storage in order to meet regulatory requirements.

“The storage zones that you maintain can reside in your on-premises single-tenant storage system or in supported third-party cloud storage. This includes Amazon S3 and Windows Azure,” Citrix explains.

“Storage zones controller also provides users with secure access to SharePoint sites and network file shares through storage zone connectors. Storage zone connectors enable you to provide secure mobile access to data residing behind your corporate firewall without the need to migrate data to the cloud.”

File sharing services have become a popular target for ransomware groups over recent years, with the Clop group in particular exploiting zero-day vulnerabilities in MOVEit, and earlier in Accellion and GoAnywhere products, to devastating effect.

That’s why CISA demands all federal civilian agencies patch the vulnerability by September 6. Private enterprises are encouraged to follow suit.

Products You May Like

Articles You May Like

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
CISA and EPA Warn of Cyber Risks to Water System Interfaces
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

Leave a Reply

Your email address will not be published. Required fields are marked *