Overview
- Progress sent an urgent customer email the evening of July 10 instructing administrators to immediately shut down internet-facing Windows servers that host ShareFile Storage Zone Controllers.
- The company has temporarily disabled cloud-side access for accounts that use on-prem Storage Zone Controllers and says it is working with internal and external security experts to investigate the threat.
- Progress reports no indication so far of unauthorized access to ShareFile accounts or data but has not disclosed technical details, affected versions, or a timeline for restoring service.
- Storage Zone Controllers sit at the network edge and route customer file traffic between on-prem storage and the ShareFile cloud, which makes internet-facing controllers high-value targets and explains the manual shutdown instruction.
- The move echoes a 2023 exploitation of an unauthenticated remote code execution flaw in the controller (CVE-2023-24489) and security experts warn roughly 3,000 internet-facing controllers could create a large potential blast radius if an exploit is active.