A critical security vulnerability in Citrix ShareFile StorageZones Controller allows attackers to compromise systems by exploiting a resource control weakness, enabling unauthorized remote access. The issue has been patched for version 5.11.24. Citrix also released updates for Virtual Delivery Agent for CVAD and Citrix DaaS to address a medium-threat vulnerability related to unauthorized desktop launches.

Vulnerabilities

  • CVE-2023-24489 (risk: “critical”)
  • CVE-2023-21237 (risk: “critical”)
  • CVE-2023-24490 (risk: “medium”)

Information & Updates

  • Update to version 5.11.24

ShareFile StorageZones Controller is used to store data in the cloud. Attackers can target a vulnerability and compromise systems. A security update is available.

The vulnerability (CVE-2023-24489) is rated “critical”. Attackers need network access to the controller as a prerequisite for attacks. A warning message mentions improper resource control, which allows remote access without authentication. The manufacturer does not currently specify how such an attack could take place.

All versions in support are said to be affected by the vulnerability. The 5.11.24 release is said to be fixed.

Further security patches

Citrix has also released updates for Virtual Delivery Agent for CVAD and Citrix DaaS on Linux and Windows. Here attackers could launch unauthorized desktops. The vulnerability (CVE-2023-24490) is classified with the threat level “medium”. The manufacturer lists the versions secured against the attack in a warning message.

Resources

Contact & Information

Do you have suggestions for improvement or would you like to have an article translated / created? Please contact me!