CTI Flash Briefing: Citrix ShareFile critical flaw exploited in the wild

James Beal
Hunter Strategy
Aug 18, 2023

Breakdown

Citrix ShareFile, a secure file transfer solution, has a critical vulnerability that is being tracked as CVE-2023-24489. The Cybersecurity and Infrastructure Security Agency (CISA) has now added it to its known vulnerabilities catalog, which gives all government-related agencies 90 days to fully patch their systems. CISA made this update based on evidence that the vulnerability is now under active exploitation in the wild by a group of unknown threat actors.

Area of Impact

This alert applies only to customer-managed ShareFile storage zones controllers. If exploited, the vulnerability could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

Overview

All currently supported versions before version 5.11.24 are affected and need to be upgraded to the current fixed version. Citrix has blocked all customer-managed ShareFile storage zones controllers configured with the previous versions to protect customer environments. Once the 5.11.24 update is applied, customers will be able to reinstate their storage zones controllers.
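To triage exposure against the 5.11.24 threshold above, the following added example (not from this briefing or from Citrix) classifies an asset inventory export by installed controller version. The CSV layout, the hostnames and the status labels are constructed assumptions; collecting the version from each server is left to your inventory tooling.

```python
import csv
import io

FIXED = (5, 11, 24)  # fixed version named in this briefing


def parse_version(text):
    """Return a tuple of ints, or None if text is not a dotted numeric version."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """UPGRADE = below the fixed version, FIXED = at or above it, REVIEW = unparseable."""
    v = parse_version(version_text)
    if v is None:
        return "REVIEW"  # never treat an unknown version as safe
    # Pad both sides so 5.11.24 and 5.11.24.0 compare as equal.
    width = max(len(v), len(FIXED))
    v = v + (0,) * (width - len(v))
    fixed = FIXED + (0,) * (width - len(FIXED))
    # Numeric tuple comparison: as plain strings, "5.9.3" would sort after "5.11.24".
    return "UPGRADE" if v < fixed else "FIXED"


def triage(csv_text):
    """Map each host in an inventory CSV (columns: host, version) to a status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["version"]) for r in rows}


# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE = """host,version
szc-01.example.internal,5.11.20
szc-02.example.internal,5.11.24
szc-03.example.internal,5.9.3
szc-04.example.internal,5.11.24.0
szc-05.example.internal,5.12.1
szc-06.example.internal,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{status:<8} {host}")
```

Hosts marked REVIEW need a manual version check before they can be considered patched.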

The Hacker News article gives an overview of the attack:

It’s worth noting that the first signs of exploitation of the vulnerability emerged toward the end of July 2023. The identity of the threat actors behind the attacks is unknown, although the Cl0p ransomware gang has taken a particular interest in taking advantage of zero-days in managed file transfer solutions such as Accellion FTA, SolarWinds Serv-U, GoAnywhere MFT, and Progress MOVEit Transfer in recent years. Threat intelligence firm GreyNoise said it observed a significant spike in exploitation attempts targeting the flaw, with as many as 75 unique IP addresses recorded on August 15, 2023, alone.

Recommendation

The Citrix Support article referenced earlier provides a link to the latest version of the software for patching/updating, as well as a link to detailed technical instructions for upgrading your Storage Zones Controller.

Conclusion

To our current SOC partnerships, please reach out to our SOC team to learn more about the best steps in researching your exposure to this threat. If you have any questions on this ongoing event or need any level of security assistance, please reach out to Hunter Strategy and we will be happy to discuss next steps in securing your IT systems!

Contact Us

contact@hunterstrategy.net
