
CVE-2023-24489

Published: 10/07/2023 Updated: 18/07/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated malicious user to remotely compromise the customer-managed ShareFile storage zones controller.

Vulnerable Product

citrix sharefile storage zones controller

Github Repositories

This project is a Python script that exploits the CVE-2023-24489 vulnerability in ShareFile. It allows remote command execution on the target server. The script supports both Windows and Linux (On testing) platforms, and it can be used to exploit individual targets or perform mass checking on a list of URLs.

ShareFile RCE (CVE-2023-24489). This is a Python script that exploits a remote code execution vulnerability in the ShareFile application (CVE-2023-24489). This vulnerability allows an attacker to execute arbitrary commands on the target system. Usage: To use the script, follow the instructions below: Install the required dependencies: pip install requests

CVE-2023-24489 PoC & Exploiter

Mass CVE-2023-24489 Exploiter [RCE] tme/codeb0ss

CVE-2023-1112 Auto Exploiter

Mass CVE-2023-24489 Exploiter - Wordpress Drag-and-Drop-Multiple-File-Uploader-PRO (Path Traversal)

POC for CVE-2023-24489 with bash.

CVE-2023-24489-poc: POC for CVE-2023-24489 with bash. It needs a list of target.txt full of the targets you want to test in this format: example1.com example2.com example3.com. The file must be within the same dir where the bash script is executed. Please use with caution! Reference: blog.assetnote.io/2023/07/04/citrix-sharefile-rce/

Recent Articles

Don't just patch your Citrix gear, check for intrusion: Two bugs exploited in wild
The Register

About 2,000 NetScaler installations feared compromised as CISA raises alarm over ShareFile

Miscreants are actively exploiting critical bugs in two of Citrix's products, both of which the business IT player fixed earlier this summer. Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday warned that criminals have exploited CVE-2023-24489, a 9.8-of-10-severity improper-access-control bug in Citrix ShareFile. ShareFile is the vendor's collaboration and file sharing application, and it allows enterprises to store files in the cloud or in an on-premises data cent...