Back to KEVs

CVE-2023-24489

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 24, 2023
Published Date: July 10, 2023
Last Updated: January 27, 2025
Vendor: Citrix
Product: Citrix ShareFile Storage Zones Controller
Description: A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2023-08-16 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2023-07-12 13:01:33 UTC) Source

References

https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489

Known Exploited Vulnerability Information

Source	Added Date
CISA	2023-08-16 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-24489.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

adhikara13/CVE-2023-24489-ShareFile

Type: github • Created: 2023-07-12 13:01:33 UTC • Stars: 13

This project is a Python script that exploits the CVE-2023-24489 vulnerability in ShareFile. It allows remote command execution on the target server. The script supports both Windows and Linux (On testing) platforms, and it can be used to exploit individual targets or perform mass checking on a list of URLs.