
CVE-2020-7473: Citrix ShareFile Vulnerable, Corporate Data at Risk

Several security vulnerabilities have been discovered in the Citrix ShareFile content collaboration platform.

CVE-2020-7473, CVE-2020-8982, CVE-2020-8983

Identified as CVE-2020-7473, CVE-2020-8982, and CVE-2020-8983, the vulnerabilities could allow an unauthenticated attacker to compromise the storage zones controller, enabling the attacker to access ShareFile users’ documents and folders.

Citrix ShareFile is an enterprise-level file sharing solution for businesses which enables employees to securely exchange sensitive business data. The vulnerabilities affect customer-managed on-premise Citrix ShareFile storage zone controllers, which store corporate data.




According to the official Citrix security advisory, customer-managed storage zones created using the following versions of the storage zones controller are affected:

ShareFile storage zones Controller 5.9.0
ShareFile storage zones Controller 5.8.0
ShareFile storage zones Controller 5.7.0
ShareFile StorageZones Controller 5.6.0
ShareFile StorageZones Controller 5.5.0
All earlier versions of ShareFile StorageZones Controller

It should also be noted that storage zones created via a vulnerable version of the storage zones controller are at risk, even if the storage zones controller has been subsequently updated.

What should Citrix customers do in light of the vulnerabilities?

According to the company’s advisory, customers with Citrix-managed storage zones don’t need to take any action. As for customers with customer-managed storage zones, they should ensure they are running on a supported version. To address the security issues, customers must run the mitigation tool as soon as possible on the storage zone controllers. Citrix has provided detailed instructions on how to do so in a separate support article which is only accessible by customers.


In January 2020, Citrix had another serious vulnerability in Citrix Gateway (NetScaler Gateway) and Citrix Application Delivery Controller (NetScaler ADC), which could expose 80,000 companies to hacks.

Working exploits against the CVE-2019-19781 flaw were reported later, which allowed attackers to perform arbitrary code execution attacks with ease, without needing account credentials.

Affected organizations were susceptible to criminals gaining access to their restricted networks by impersonating registered and authorized users.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
