The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a Citrix flaw patched in June is being actively exploited in the wild. CVE-2023-24489 was added to the agency’s Known Exploited Vulnerabilities Catalog yesterday, with CISA warning it poses “significant risks to the federal enterprise.” The flaw is described as an improper access control vulnerability in Citrix ShareFile (aka Citrix Content Collaboration). If exploited, it “could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller,” CISA said.
