Over the past few weeks, software giant Citrix has provided privat corporate customers with a critical software update that resolves several security holes in the Citrix ShareFile content collaboration platform.
The Hacker News security consultant The Hacker News learned from Dmitry van de Gijssen, an ethical hacker and systems engineer, and is published today on Citrix.
Citrix ShareFile is an enterprise file-sharing solution that enables employees to securely share proprietary and confidential information.
The software provides a secure local cloud storage environment with audit and compliance capabilities. For example, a company may remotely block or delete data from potentially compromised mobile devices, or lose or steal them.
Recently identified security issues (CTX-CVE-2020-7473) have a particularly serious impact on the customer-managed local Citrix ShareFile zone controllers, a component that stores corporate data behind a firewall.
List of vulnerabilities :
According to the recommendation, if the vulnerabilities are exploited, they can allow an non-authenticated attacker to penetrate the storage controller and gain access to confidential documents and ShareFile folders.
List of committed and fixed versions of ShareFile Citrix
If your organization uses a local ShareFile Storage Area Controller version 5.9.0 / 5.8.0 / 5.7.0 / 5.6.0 / 5.5.0 or earlier, you will be affected and are recommended to upgrade your platform immediately to a Storage Area Controller version 5.10.0 / 5.9.1 / 5.8.1 or later.
It is important to note that if your storage space is created on one of the affected versions, the problem cannot be fully resolved by updating the software to the corrected version.
To address this issue, the company has released a separate mitigation tool that must be run first on the primary storage controller and then on all secondary controllers.
Once the tool works successfully in the main area, you MUST NOT make any changes. Reverse changes will make your area inaccessible, the consultant warns.
Full step-by-step details will be provided in the consultation as soon as they are available to the public.
In addition to the local solution, the cloud versions of the ShareFile storage area controllers were also affected, but the company has already corrected this problem and no further action is needed from the users.
Where does the error occur?
At the time of writing this article there were not many technical details about the main vulnerabilities, but an initial patch check performed by Dimitri showed that at least one of the vulnerabilities could remain in the old ASP.net toolkit used by Citrix Sharefile.
The outdated 9 year old version of AjaxControlToolkit, which would be shipped with affected versions of ShareFile software, contains vulnerabilities related to folder scanning and remote code execution (CVE-2015-4670), released in 2015.
To check if the Citrix ShareFile implementation is affected, please visit the following URL in your browser. If the page returns blank, it is vulnerable and if it is a 404 error, it is either defective or already corrected.
According to Dmitry, the mitigation tool makes some changes to the web.config file and then removes UploadTest.aspx and XmlFeed.aspx from the affected servers.