PoC Release for Critical Pre-Authentication RCE Vulnerability in Citrix Content Collaboration (CVE-2023-24489)

Dark Lab on Jul 13 2023
On 13 June, Citrix released a security advisory and patch for a critical remote code execution (RCE) vulnerability (CVE-2023-24489) in its ShareFile Storage Zones Controller, impacting Citrix Content Collaboration. On 4 July, a Proof-of-Concept (PoC) was released, and we have since observed interest on dark web hacking forums in weaponising a PoC exploit for the vulnerability.

Furthermore, we note that a similar vulnerability (CVE-2021-22941) impacting Citrix ShareFile is listed in CISA's Known Exploited Vulnerabilities Catalog. The 2021 vulnerability was added to the catalog in April 2022 after researchers detected a notorious initial access broker, PROPHET SPIDER, exploiting CVE-2021-22941 to gain unauthorised access to the underlying Microsoft Internet Information Services (IIS) webserver.

We posit that the vulnerability will quickly be weaponised by malicious actors and urge impacted users to apply the patch immediately, if not already applied.

https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/

https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489