Citrix released an Advisory for customer-managed ShareFile-Appliances:
Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile users’ documents and folders.
Very important is the following statement:
Storage zones created using a vulnerable version of the storage zones controller are at
risk even if the storage zones controller has been subsequently updated.
Customer-managed storage zones created using the following versions of the storage zones controller are affected:
- ShareFile storage zones Controller 5.9.0
- ShareFile storage zones Controller 5.8.0
- ShareFile storage zones Controller 5.7.0
- ShareFile StorageZones Controller 5.6.0
- ShareFile StorageZones Controller 5.5.0
- All earlier versions of ShareFile StorageZones Controller
Citrix provides an detailed KB-Article on how to migrate.
We found 4.800 Customer-Citrix-Appliances online accessible.
PoCs
- https://github.com/DimitriNL/CTX-CVE-2020-7473
References
- Advisory: https://support.citrix.com/article/CTX269106
- PoC: https://github.com/DimitriNL/CTX-CVE-2020-7473
Fragen? Kontakt: info@zero.bs