The US Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical vulnerability, CVE-2023-24489 [1] [2] [3] [4] [5] [6] [7] [8] [9], in Citrix ShareFile [1] [2] [3] [4] [5] [6] [7] [8] [9], a widely used secure file sharing and storage platform [8]. This vulnerability poses a significant risk to businesses and professionals who rely on ShareFile for collaboration and document exchange.


CVE-2023-24489 is a flaw that allows an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller [2] [7]. It has a CVSS score of 9.8 [8], indicating its severity. Citrix has addressed this vulnerability in a June bulletin and urged users to upgrade to the fixed version [5]. However, despite these efforts, the flaw is actively being exploited [1] [5] [8].

Evidence of active exploitation started appearing in July [9], suggesting that some customers had not yet installed the necessary update [9]. Threat intelligence firm GreyNoise has detected a sudden increase in IP addresses involved in exploitation attempts [6], originating from compromised infrastructure in South Korea and the United States [5]. Additionally, proof of concept exploits have been published on GitHub [5], increasing the likelihood of future attacks [5].


Given the significant risks posed by this vulnerability, CISA has urged all federal civilian agencies to apply vendor patches by September 6 to mitigate these risks [2]. Private enterprises are also encouraged to take similar actions. It is worth noting that ShareFile is the latest managed file transfer product to be targeted, with recent attacks showing successful results for adversaries [5]. This highlights the importance of promptly addressing vulnerabilities and staying vigilant against potential cyber threats.