CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%
Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to remotely compromise the customer-managed ShareFile storage zones controller.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(179932);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/18");
script_cve_id("CVE-2023-24489");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/09/06");
script_name(english:"ShareFile Documents Unauthenticated Access (CTX559517)");
script_set_attribute(attribute:"synopsis", value:
"The Citrix Sharefile Storage Zones Controller instance found
on the remote host is affected by an unauthenticated access vulnerability.");
script_set_attribute(attribute:"description", value:
"Security issues have been identified in customer-managed Citrix ShareFile storage zone
controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker
to compromise the storage zones controller potentially giving an attacker the ability
to remotely compromise the customer-managed ShareFile storage zones controller.");
script_set_attribute(attribute:"see_also", value:"https://support.citrix.com/article/CTX559517");
script_set_attribute(attribute:"solution", value:
"See vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-24489");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/13");
script_set_attribute(attribute:"patch_publication_date", value:"2023/06/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/17");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:citrix:sharefile");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("citrix_sharefile_controller_win_installed.nbin", "citrix_sharefile_controller_web_detect.nbin");
script_require_keys("installed_sw/Citrix ShareFile StorageZones Controller");
exit(0);
}
include('vcf.inc');
var app = 'Citrix ShareFile StorageZones Controller';
var app_info = vcf::get_app_info(app:app);
var constraints = [
{ "min_version" : "1", "max_version": "5.11.23", "fixed_version" : "5.11.24" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%