CVE-2023-24489

CRITICAL KEV RANSOMWARE NUCLEI

ShareFile - RCE

Title source: llm

Description

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

Exploits (4)

nomisec WORKING POC 13 stars

by adhikara13 · remote

https://github.com/adhikara13/CVE-2023-24489-ShareFile

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by whalebone7 · remote

https://github.com/whalebone7/CVE-2023-24489-poc

View Code ZIP pw:eip

vulncheck_xdb

remote

https://github.com/lal0ne/vulnerability

View on vulncheck_xdb

inthewild

poc

https://github.com/codeb0ss/cve-2023-24489-poc

View on inthewild

Nuclei Templates (1)

Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution

CRITICALVERIFIEDby DhiyaneshDK,dwisiswant0

Shodan: title:"ShareFile Storage Server" || http.title:"sharefile storage server"

FOFA: title="sharefile storage server"

References (2)

[Broken Link, Vendor Advisory] https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-24489

Scores

CVSS v3 9.8

EPSS 0.9439

EPSS Percentile 100.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-08-16

VulnCheck KEV 2023-07-26

InTheWild.io 2023-08-16

ENISA EUVD EUVD-2023-28507

Ransomware Use Confirmed

CWE

CWE-284

Status published

Products (1)

citrix/sharefile_storage_zones_controller < 5.11.24

Published Jul 10, 2023

KEV Added Aug 16, 2023

Tracked Since Feb 18, 2026