Citrix Systems, Inc. is a multinational tech company that delivers virtualization technologies, server applications, and cloud computing innovations for desktops and other computing platforms. It became popular for its development of remote access products for Microsoft, enabling user machines to access different remote resources and technologies.
Several cyber security experts recently observed that the American software company has been quietly deploying security patches without any public warning or notice of their details.
No announcements were made to inform users of any improvements or update releases. According to several reports, however, the patches were intended to fix several security vulnerabilities in the company's popular content sharing platform, Citrix ShareFile.
Citrix ShareFile is the company's content sharing solution designed for its Enterprise customers. Enterprise customers can share sensitive content – business data, corporate secrets, employee info, and other proprietary company information – without worrying about security.
The solution provides an on-premises cloud environment for large data accommodation, featuring state-of-the-art compliance management and auditing resources. These elements give the company the ability to perform remote commands to completely block or delete any data from an enrolled device in case it becomes compromised.
The detected vulnerabilities (CVE-2020-7473, CVE-2020-8982, and CVE-2020-8983) specifically affect ShareFile's storage zone controllers, which is where the sensitive company data resides, just behind the system's firewall. If exploited, the affected components responsible for storing this data could allow any hacker to access all of the data as easily as opening a door. No specific details about these vulnerabilities were listed, but an inspection showed that one of the flaws could have existed in an old ASP.NET toolkit that ShareFile used.
The security patch, designed to fully mitigate the issue, includes a tool that must be launched on both the primary storage zone controller and the secondary controller. It was also explicitly stated that once the tool has been launched successfully, you cannot and should not roll back any of the changes that were implemented.
The tool embedded in the patch forces changes to the web.config file and deletes UploadTest.aspx and XmlFeed.aspx from all affected servers. Reversing these changes will trigger further changes that make the storage zone completely unavailable, risking loss of and damage to the data. So, strictly no additional actions are required.
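One way to confirm, on both the primary and secondary controller, that the two files named above are gone after the tool has run. This is an added example, not Citrix's tool or code from the article. It assumes PowerShell remoting is enabled; the `-Controller` host names and the `-WebRoot` folder are placeholders you supply, since the article does not give the install path.

```powershell
# Added example: audit storage zone controllers for the files the patch tool deletes.
# Assumptions (not from the article): $WebRoot is the ShareFile site folder on each
# controller, and PowerShell remoting is available to reach the hosts.
param(
    [Parameter(Mandatory)] [string[]] $Controller,  # primary and secondary controllers
    [Parameter(Mandatory)] [string]   $WebRoot      # placeholder: site folder on each host
)

$removedByTool = 'UploadTest.aspx', 'XmlFeed.aspx'  # file names given in the article

$check = {
    param($root, $names)
    if (-not (Test-Path -LiteralPath $root)) {
        return [pscustomobject]@{ Status = 'WebRootNotFound'; Leftover = @(); WebConfigModified = $null }
    }
    # Search the whole tree: a copy left in a subfolder still counts as unremediated.
    $leftover = @(Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name } |
        Select-Object -ExpandProperty FullName)
    # The tool also edits web.config; its timestamp is only a hint that the tool ran.
    $cfg = Get-Item -LiteralPath (Join-Path $root 'web.config') -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Status            = if ($leftover.Count) { 'FilesStillPresent' } else { 'FilesRemoved' }
        Leftover          = $leftover
        WebConfigModified = if ($cfg) { $cfg.LastWriteTime } else { $null }
    }
}

$report = foreach ($name in $Controller) {
    try {
        $r = Invoke-Command -ComputerName $name -ScriptBlock $check `
                -ArgumentList $WebRoot, $removedByTool -ErrorAction Stop
        [pscustomobject]@{
            Controller        = $name
            Status            = $r.Status
            Leftover          = ($r.Leftover -join '; ')
            WebConfigModified = $r.WebConfigModified
        }
    } catch {
        [pscustomobject]@{ Controller = $name; Status = "Unreachable: $($_.Exception.Message)"
                           Leftover = ''; WebConfigModified = $null }
    }
}

$report | Format-Table -AutoSize
# Exit non-zero unless every controller was confirmed clean, so the check can gate a change record.
if ($report | Where-Object { $_.Status -ne 'FilesRemoved' }) { exit 1 }
```

The script only reads file metadata and changes nothing on the controllers, so it does not conflict with the instruction not to roll back the tool's changes.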
A systems engineer named Dimitri van de Glessen leaked this security patch in order to warn the public. Citrix has since made the alert available on its official website.