CISA warns of a new bug in Citrix ShareFile service that allows an attacker to exploit the customer-managed storage zones remotely, thus forming a supply chain attack.
Workable exploits for this bug are already in the wild, leading to some searching for vulnerable ShareFile servers and some attempting to exploit them. And since a patch is already available, CISA asks its federal agencies to apply it as soon as possible.
Managed file transfer (MFT), the software service that lets companies manage sharing of files between themselves and customers, are crucial network since they’re connected across a wide range of devices. Infecting anyone in the pipeline can lead to the disruption of the entire network.
And this is what CISA is worrying about its federal agencies that use Citrix ShareFile (also known as Citrix Content Collaboration) service. Its software manages file transfer through connected cloud storage, like Amazon AWS or Microsoft Azure, allowing customers and employees to upload and download files securely.
But a bug in the ShareFile – tracked as CVE-2023-24489 – is being targeted by unknown actors in the wild, warns CISA. Asking the US federal agencies to patch this bug by September 6th, 2023, CISA has added this flaw to its catalogue of Known Exploited Vulnerabilities.
The bug was initially discovered by AssetNote, a cybersecurity firm that noted errors in ShareFile’s implementation of AES encryption, causing the service to allow unauthenticated attackers to compromise customer-managed storage zones.
Their technical write-up helped several researchers and threat actors to make their exploits, which are in the wild, and being used to target vulnerable ShareFile servers. A security scan by GreyNoise last month revealed that attempts to exploit the vulnerability are active in the wild, especially after CISA’s warning and AssetNote’s details.
While there are no successful exploitations recorded yet, CISA and researchers warn customers using Citrix ShareFile service to secure it immediately.
