Progress Software has announced a critical zero-day vulnerability as the cause of last week’s emergency shutdown of the ShareFile Storage Zones Controller. The company has issued a security update to address this security flaw.
In a recent advisory, Progress strongly recommended that customers using ShareFile Storage Zones Controller immediately power down their Windows servers upon receiving notifications of an “external security threat.”
During this period, Progress temporarily suspended access to all ShareFile accounts utilizing the Storage Zones Controller while they collaborated with cybersecurity experts to investigate the situation.
In an update to customers today, Progress detailed their findings, revealing a high-severity path traversal vulnerability affecting all 5.x and 6.x versions of the ShareFile Storage Zones Controller.
The company stated, “An authenticated administrative user has the capability to read any file accessible to the application’s service account, upload attacker-controlled content to any directory, or enumerate the server’s filesystem layout,” according to an email reviewed by BleepingComputer.
Progress noted that a CVE identifier has been reserved for this vulnerability and is anticipated to be publicly disclosed within two weeks.
Moreover, the company has released versions 5.12.5 and 6.0.2 of the ShareFile Storage Zones Controller and urges all customers to install this essential security update immediately. Following the installation of the updates, users can safely re-enable the storage zones controller.
While Progress has received credible information regarding a potential threat directed at ShareFile customers, they currently have no evidence of any customer being compromised.
“To date, we have no indications of unauthorized access to ShareFile customer accounts or data, and no active threats have been detected,” Progress emphasized.
The Storage Zones Controller is a customer-managed Windows server designed to allow organizations to store files on-premises while benefiting from ShareFile’s cloud platform for authentication, permissions, auditing, and collaboration.
As these storage zones controllers house files transferred via the system, they represent lucrative targets for extortion groups engaged in data theft attacks.
BleepingComputer reached out to Progress for clarification on whether the vulnerability was identified internally or by external researchers, the reason behind the two-week delay for the CVE disclosure, and if any further technical details would be provided.
We will update this story when we receive a response from Progress.
Security teams only document 54% of successful attacks and issue warnings in just 14% of cases. Most breaches go undetected.
Picus’ whitepaper demonstrates how to effectively test your SIEM and EDR rules through breach and attack simulations to ensure threats remain visible.
Source: www.bleepingcomputer.com




