CVE-2020-8982
published 2020-05-07CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent…
PriorityP178high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
27.15%
97.8th percentile
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | sharefile | — | — |
| citrix | sharefile_storagezones_controller | <= 5.5.0 | — |
| citrix | sharefile_storagezones_controller | — | — |
| citrix | sharefile_storagezones_controller | — | — |
| citrix | sharefile_storagezones_controller | — | — |
| citrix | sharefile_storagezones_controller | — | — |
| citrix | xenserver | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url/XmlPeek.aspx?dt=\\..\\..\\..\\..\\..\\..\\Windows\\win.ini&x=/validate.ashx?requri
path/XmlPeek.aspx
- →HTTP GET request to /XmlPeek.aspx with path traversal in the 'dt' parameter targeting Windows\win.ini; a vulnerable host returns HTTP 200 with body containing 'bit app support', 'fonts', and 'extensions'.
- →Response body match: presence of all three strings 'bit app support', 'fonts', and 'extensions' (AND condition) in the HTTP 200 response body confirms successful arbitrary file read exploitation.
- →The vulnerability is exploitable only if the storage zone was originally created with StorageZones Controller version 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier — regardless of the currently installed version. ↗
- ·Exploitability is determined by the version used at storage zone CREATION time, not the currently installed version. A fully patched 5.10.x installation remains vulnerable if the zone was originally created on 5.9.0 or earlier. ↗
- ·Scope of impact includes both on-premise deployments and Citrix Cloud-hosted ShareFile instances, as both are internet-facing. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xqh7-34g2-j95q: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-8982 [HIGH] GHSA-xqh7-34g2-j95q: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983 but has essentially the same risk.
GHSA
GHSA-jjf5-33c4-34wr: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-8983 [HIGH] GHSA-jjf5-33c4-34wr: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982 but has essentially the same risk.
GHSA
GHSA-2p3q-x3x4-ww4x: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-7473 [HIGH] GHSA-2p3q-x3x4-ww4x: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
VulnCheck
Citrix ShareFile Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2020·CVSS 7.5
CVE-2020-8982 [HIGH] Citrix ShareFile Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Citrix ShareFile Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5
Citrix
CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of M
vendor_citrix·2020-05-07·CVSS 7.5
CVE-2020-7473 [HIGH] CWE-22 CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of M
CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
Citrix
CVE-2020-8983: An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x
vendor_citrix·2020-05-07·CVSS 7.5
CVE-2020-8983 [HIGH] CWE-22 CVE-2020-8983: An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x
CVE-2020-8983: An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473
Citrix
CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the mos
vendor_citrix·2020-05-07·CVSS 7.5
CVE-2020-8982 [HIGH] CWE-22 CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the mos
CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.
Citrix
Citrix Security Bulletin CTX269106
vendor_citrix·CVSS 7.5
CVE-2020-7473 [HIGH] Citrix Security Bulletin CTX269106
Citrix Security Bulletin CTX269106
CVE References: CVE-2020-7473, CVE-2020-8982, CVE-2020-8983, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
Nuclei
Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
nuclei·CVSS 7.5
CVE-2020-8982 [HIGH] Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
Citrix ShareFile StorageZones (aka storage zones) Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read vulnerability.
Template:
id: CVE-2020-8982
info:
name: Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
author: dwisiswant0
severity: high
description: Citrix ShareFile StorageZones (aka storage zones) Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read vulnerability.
impact: |
An attacker can read arbitrary files on the affected system, potentially leading to unauthorized access to sensitive information.
remediation: |
Upgrade Citrix ShareFile StorageZones to version 5.11 or higher to mitigate the vulnerability.
re
No writeups or analysis indexed.
https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/viewhttps://support.citrix.com/article/CTX269106https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/viewhttps://support.citrix.com/article/CTX269106https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/
2020-05-07
Published
Exploited in the wild