CVE-2020-8983
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.
Existe un problema de escritura arbitraria de archivos en todas las versiones del controlador Citrix ShareFile StorageZones (también conocido como zonas de almacenamiento), incluidas las versiones más recientes de 5.10.x a partir de mayo de 2020, que permite la ejecución remota de código. El acceso a archivos y RCE se otorga a todo lo alojado por ShareFile, ya sea en las instalaciones o dentro de Citrix Cloud (ambos están orientados a Internet). NOTA: a diferencia de la mayoría de los CVE, la capacidad de explotación depende de la versión del producto que estaba en uso cuando se realizó un paso de configuración particular, NO de la versión del producto que está en uso durante una evaluación actual del inventario de productos de un consumidor de CVE. Específicamente, la vulnerabilidad puede explotarse si una de estas versiones del producto creó una zona de almacenamiento: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0 o anterior. Este CVE difiere de CVE-2020-7473 y CVE-2020-8982.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-13 CVE Reserved
- 2020-05-07 CVE Published
- 2024-03-11 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.citrix.com/article/CTX269106 | 2020-05-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Sharefile Storagezones Controller Search vendor "Citrix" for product "Sharefile Storagezones Controller" | <= 5.5.0 Search vendor "Citrix" for product "Sharefile Storagezones Controller" and version " <= 5.5.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Sharefile Storagezones Controller Search vendor "Citrix" for product "Sharefile Storagezones Controller" | 5.6.0 Search vendor "Citrix" for product "Sharefile Storagezones Controller" and version "5.6.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Sharefile Storagezones Controller Search vendor "Citrix" for product "Sharefile Storagezones Controller" | 5.7.0 Search vendor "Citrix" for product "Sharefile Storagezones Controller" and version "5.7.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Sharefile Storagezones Controller Search vendor "Citrix" for product "Sharefile Storagezones Controller" | 5.8.0 Search vendor "Citrix" for product "Sharefile Storagezones Controller" and version "5.8.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Sharefile Storagezones Controller Search vendor "Citrix" for product "Sharefile Storagezones Controller" | 5.9.0 Search vendor "Citrix" for product "Sharefile Storagezones Controller" and version "5.9.0" | - |
Affected
| ||||||