cbcvebase.
CVE-2020-7473
published 2020-05-07

CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020…

PriorityP352high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
14.29%
96.2th percentile
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.

Affected

13 ranges
VendorProductVersion rangeFixed in
citrixcitrix_adm
citrixcitrix_hypervisor
citrixcitrix_virtual_apps_and_desktops
citrixendpoint_management
citrixnetscaler_adc
citrixnetscaler_gateway
citrixsharefile
citrixsharefile_storagezones_controller<= 5.5.0
citrixsharefile_storagezones_controller
citrixsharefile_storagezones_controller
citrixsharefile_storagezones_controller
citrixsharefile_storagezones_controller
citrixxenserver

Detection & IOCsextracted from sources · hover to see the quote

  • Target unauthenticated access to ShareFile StorageZones Controller document/folder endpoints — exploitation is possible even on patched versions (5.10.x) if the storage zone was originally created under a vulnerable version (5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier)
  • Monitor for unauthenticated HTTP requests to Citrix ShareFile StorageZones Controller endpoints that retrieve documents or folder listings — no session/auth token should be present in such requests
  • Correlate CVE-2020-7473 detections with related CVE-2020-8982 (unauthenticated arbitrary file read) and CVE-2020-8983 (arbitrary file write / RCE) activity on the same StorageZones Controller host, as all three share the same exploitability condition and attack surface
  • ·Exploitability is determined by the version used to CREATE the storage zone, not the currently installed/running version. A fully patched 5.10.x controller remains exploitable if its storage zone was originally set up under version 5.9.0 or earlier. Version-based patch checks alone are insufficient to confirm remediation.
  • ·Both on-premise deployments and Citrix Cloud-hosted ShareFile instances are internet-facing and within scope for exploitation, per the related CVEs sharing the same root condition.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.