CVE-2020-8983

Published: 07/05/2020 Updated: 15/05/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.

Vulnerable Product

citrix sharefile storagezones controller

citrix sharefile storagezones controller 5.6.0

citrix sharefile storagezones controller 5.7.0

citrix sharefile storagezones controller 5.8.0

citrix sharefile storagezones controller 5.9.0

Vendor Advisories

Description of Problem

Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller, potentially giving an attacker the ability to access ShareFile users’ documents and folders. These issues ...

Github Repositories

Citrix Sharefile vulnerability check and fast research details

CTX-CVE-2020-7473

Citrix Sharefile Vulnerability check

Fast Research details CTX-CVE-2020-7473

Made on 20200416

Vulnerability check:

Open in a web browser: yoursharefileserver.companyname.com/UploadTest.aspx

Or: curl yoursharefileserver.companyname.com/UploadTest.aspx --path-as-is

Blank page = Server vulnerable
Error 404 = server has been patched

Notes: Output