CVE-2023-24489

ENISA EUVD: EUVD-2023-28507
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 · 2 articles · Published: 2023-07-10

EPSS Score

Source: FIRST.org · 2026-05-23
94.39% probability
This CVE has a 94.39% probability of being exploited in the next 30 days.
Top 100.0th percentile of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
9.8 CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

Affected Products

Citrix
Citrix ShareFile Storage Zones Controller
0

Attack Intelligence

Exploits & PoC

adhikara13/CVE-2023-24489-ShareFile

This project is a Python script that exploits the CVE-2023-24489 vulnerability in ShareFile. It allows remote command execution on the target server.

⭐ 13 · 2023-07-12

whalebone7/CVE-2023-24489-poc

POC for CVE-2023-24489 with bash.

⭐ 1 · 2023-08-27

2 repos, sorted by ⭐

Signal Intelligence

Confidence: 85%
EPSS: 94.39%
CVSS v3.1: 9.8
Mentions: 2

CNA Information

CNA Assigner: Citrix

Analyst Note

CVE-2023-24489 is confirmed as a zero-day. It affects Citrix ShareFile (CVSS 9.8), and CISA added it to the KEV catalog explicitly citing 'evidence of active in-the-wild exploitation.' The 2023 CVE year combined with the KEV listing for in-the-wild attacks indicates exploitation occurred before or concurrent with patch availability. The high CVSS and rapid KEV inclusion support zero-day status.

Triage Info

Decided at: Mar 20, 2026
Published Date: Jul 10, 2023