CVE-2023-24489

Name: CVE-2023-24489
Creator: NVD / NIST
Published: 2023-07-10T22:15:09.197+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10Actively ExploitedEPSS 95.08%

Last modified Jun 17, 2026

CVE-2023-24489 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.. CISA has confirmed active exploitation in the wild. EPSS estimates a 95.08% chance of exploitation in the next 30 days.

Description

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

95.08%

99.9th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Sep 6, 2023.

Weakness Enumeration

CWE-284

Affected Software

Vendor	Product	Versions
Citrix	Sharefile Storage Zones Controller	< 5.11.24

References

https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489Broken Link, Vendor Advisory
https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489Broken Link, Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-24489US Government Resource

Timeline

Published: Jul 10, 2023
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2023-24489?

How severe is CVE-2023-24489?

CVE-2023-24489 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 95.08% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2023-24489?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-24489?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST