
Initial Citrix ShareFile RCE exploitation commences

Attacks leveraging a critical remote code execution bug in Citrix ShareFile, tracked as CVE-2023-24489, were observed by GreyNoise to have begun earlier last week, SecurityWeek reports. "GreyNoise has observed IPs attempting to exploit this vulnerability. Two have never seen GreyNoise before this activity," said GreyNoise. The flaw, which was patched in June, could be exploited to enable total application compromise, according to Citrix. Meanwhile, Assetnote, which identified and reported the flaw, said that the bug stemmed from various errors that allow unauthenticated file uploads. "Although the [vulnerable] endpoint is not enabled in all configurations, it has been common amongst the hosts we have tested. Given the number of instances online and the reliability of the exploit, we have already seen a big impact from this vulnerability," said Assetnote, which initially released proof-of-concept code earlier this month before publishing more PoC exploits. Citrix ShareFile users have been urged to apply the updates immediately.
