Citrix Content Collaboration ShareFile Improper Access Control Vulnerability (CVE-2023-24489)

Description

What is Citrix Content Collaboration? Citrix Content Collaboration is a security-focused collaboration, content sharing and synchronization service from Citrix for the enterprise.
What is the Attack? CVE-2023-24489 is a directory traversal vulnerability that affects Citrix Systems ShareFile StorageZones Controller prior to 5.11.24.
The vulnerability is due to improper validation of user input in the ProcessRawPostedFile function. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could allow an attacker to save files to an arbitrary file path under the web root directory, which could lead to the execution of arbitrary code.
The vulnerability has a CVSS score of 9.1 and is rated critical by Citrix.
Why is this Significant? This is significant because CISA added CVE-2023-24489 to the Known Exploited Vulnerabilities catalog on August 16, 2023, indicating that attempted or successful exploitation has been observed. Therefore, FortiGuard Labs advises all users of the service to apply the patch as soon as possible.
What is the Vendor Solution? Citrix released relevant updates in June 2023.
What FortiGuard Coverage is available? FortiGuard Labs has an IPS signature "Citrix.ShareFile.SZC.ProcessRawPostedFile.Directory.Traversal" in place for CVE-2023-24489.
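The following triage sketch is an added example, not code from FortiGuard Labs or Citrix. It checks a controller version string against the 5.11.24 threshold named above and compares a web root against a known-good manifest to surface server-executable files that are new or changed, which is the outcome the advisory describes. The function names, the extension list and the manifest format are assumptions made for illustration; the operator supplies the version string and the web root path.

```python
import hashlib
import os

FIXED_VERSION = (5, 11, 24)  # from the advisory: releases prior to 5.11.24 are affected
# Assumption: file types an IIS/ASP.NET site will typically execute or load as configuration.
EXECUTABLE_EXTS = {".aspx", ".ashx", ".asmx", ".asp", ".cshtml", ".config"}


def is_affected(version):
    """Return True if a dotted version string is older than 5.11.24."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts += (0,) * (len(FIXED_VERSION) - len(parts))  # treat "5.11" as 5.11.0
    return parts[:3] < FIXED_VERSION


def build_manifest(web_root):
    """Map relative path -> SHA-256 for every file under web_root (run on a known-good install)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Lower-case keys because Windows file names are case-insensitive.
            rel = os.path.relpath(full, web_root).replace(os.sep, "/").lower()
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def find_unexpected(web_root, baseline):
    """Return sorted (relative_path, reason) pairs for executable files that are new or modified."""
    findings = []
    for rel, digest in build_manifest(web_root).items():
        if os.path.splitext(rel)[1] not in EXECUTABLE_EXTS:
            continue  # only content the web server would run or load is of interest here
        if rel not in baseline:
            findings.append((rel, "new"))
        elif baseline[rel] != digest:
            findings.append((rel, "modified"))
    return sorted(findings)
```

Build the baseline from a clean installation of the same release, since a manifest taken from a host that was already exposed may include files an attacker placed.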