
CVE-2023-24489

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 10 July 2023
Modified: 26 February 2026
KEV Added: 16 August 2023
Patch: available
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9439 (100.0th percentile)
Risk Priority: 96 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-24489 is a critical-severity Improper Access Control (CWE-284) vulnerability in Citrix Sharefile Storage Zones Controller. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability tracked as CVE-2023-24489 affects the customer-managed ShareFile storage zones controller. The flaw, assigned a CVSS score of 9.8, stems from improper access control (CWE-284) and permits remote compromise without authentication.

An unauthenticated attacker can exploit the issue over the network to achieve full control of the affected controller, resulting in complete loss of confidentiality, integrity, and availability of the system and any data it manages.

Citrix has published a security update addressing the vulnerability in the ShareFile storage zones controller, and the flaw appears in CISA's catalog of known exploited vulnerabilities, confirming active exploitation in the wild. The associated EPSS score remains elevated, with a current value of 0.9439 and a recorded peak of 0.9745.


Vulnerability details

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

CWE(s): CWE-284 (Improper Access Control)
KEV Date Added: 16 August 2023

Related Threats

Threat-Actor Attribution (AI)

Cl0p (aka Clop)
Widely reported as exploited by Cl0p ransomware group in 2023 mass campaign against ShareFile (Mandiant, Microsoft, BleepingComputer).

Affected Assets

Vendor: citrix
Product: sharefile storage zones controller
Versions: ≤ 5.11.24

Mitigating Controls (NIST 800-53 r5) (AI)

AC-3 Access Enforcement (prevent)

Directly enforces authentication and access restrictions on the ShareFile controller, blocking the unauthenticated remote actions permitted by the improper access control flaw.

SI-2 Flaw Remediation (prevent)

Requires prompt application of the vendor security update (CTX559517) that eliminates the remotely exploitable access-control weakness.

AC-17 Remote Access (partial match, prevent)

Mandates authenticated and authorized remote access mechanisms for the customer-managed storage zones controller, reducing exposure to network-reachable unauthenticated compromise.
