⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-15.

CVE-2021-22941 — Improper Access Control in Citrix Sharefile Storagezones Controller

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption CWE-502 — Deserialization of Untrusted Data CWE-269 — Improper Privilege Management15 documents9 sources

Severity

9.8CRITICALNVD

VulnCheck10.0

EPSS

87.8%

top 0.52%

CISA KEV

KEVRansomware

Added 2022-03-25

Due 2022-04-15

Exploit

Exploited in wild

Active exploitation observed

Affected products

Citrix Sharefile Storagezones Controller Citrix ADM Citrix Hypervisor +6 more

Timeline

PublishedSep 23

KEV addedMar 25

KEV dueApr 15

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

▶NVDcitrix/sharefile_storagezones_controller< 5.11.20

▶citrixcitrix/sharefile

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

🔴Vulnerability Details

GHSA

GHSA-83fg-h4qw-7574: Improper Access Control in Citrix ShareFile storage zones controller before 5↗2022-05-24

▶

VulnCheck

Apache Log4j2 Remote Code Execution Vulnerability↗2021

▶

VulnCheck

Citrix ShareFile Improper Access Control Vulnerability↗2021

▶

🔍Detection Rules

Suricata

ET EXPLOIT Citrix ShareFile Storage Zones Controller RCE Attempt (CVE-2021-22941)↗2022-01-25

▶

Suricata

ET EXPLOIT Possible Citrix ShareFile RCE Inbound (CVE-2021-22941)↗2021-09-27

▶

📋Vendor Advisories

CISA

Citrix ShareFile Improper Access Control Vulnerability↗2022-03-25

▶

Citrix

CVE-2021-22941: Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the s↗2021-09-23

▶

Citrix

Citrix Security Bulletin CTX328123↗

▶

🕵️Threat Intelligence

Greynoiseio

The Sixth Day Of Tagsmas (2023): Citrix ShareFile Remote Code Execution Vulnerability (CVE-2023-24489)↗

▶

Wiz

CVE-2026-2701 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Crowdstrike

Category↗

▶

Wiz

CVE-2026-2699 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Crowdstrike

PROPHET SPIDER Exploits Citrix ShareFile↗

▶