Threat intelligence company Greynoise has reported the first attempts to exploit a critical remote code execution (RCE) vulnerability in Citrix ShareFile, a popular cloud-based file-sharing and collaboration solution. The vulnerability, tracked as CVE-2023-24489, allows unauthenticated file upload leading to RCE. Cybersecurity firm Assetnote, which identified and reported the bug, estimates there are between 1,000 and 6,000 internet-accessible ShareFile instances, making it a potential target for attackers seeking sensitive data.
Citrix patched the flaw in June 2023, but the release of proof-of-concept (PoC) code and additional PoC exploits have increased the likelihood of in-the-wild exploitation. GreyNoise has observed IP addresses attempting to exploit the vulnerability, emphasizing the urgency for ShareFile users to update their installations.
Read more: https://www.securityweek.com/exploitation-of-recent-citrix-sharefile-rce-vulnerability-begins/