VDB
CVE-2023-24489
CVE-2023-24489
PUBLISHED
KEV
In Citrix Systems ShareFile StorageZones Controller (von Kunden verwaltete Installationen) besteht eine Schwachstelle aufgrund unsachgemäßer Zugriffskontrollen. Ein entfernter Angreifer mit Netzwerkzugriff auf einen betroffenen Controller kann dies ausnutzen, um den Controller zu kompromittieren.
EPSS 94.39% · 100.0th percentile
Risk Scores
EPSS Score
94.39%
100.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix Systems | Citrix Systems ShareFile StorageZones Controller |
Timeline
- Jun 13, 2023 CVE Published
- Jul 11, 2023 EPSS Score
- Jul 11, 2023 Nuclei Template
- Jul 11, 2023 Fix Commit
- Jul 15, 2023 EPSS Score
- Jul 26, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Aug 14, 2023 CVE Updated
- Aug 16, 2023 CISA KEV Added
- Aug 16, 2023 PoC Published
- Aug 18, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1457.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1457 advisory
- https://support.citrix.com/article/CTX572352/shut-down-and-uninstall-remaining-unpatched-storage-zone-controllers-cve202324489 advisory
- https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/ advisory
- https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489 advisory