Huntress discovered two arbitrary file upload vulnerabilities in Cleo products that can lead to remote code execution: CVE-2024-50623 and CVE-2024-55956. They affect Cleo's Harmony, VLTrader, and LexiCom products, which are used for secure file transfer.
- CVE-2024-50623 affects versions 5.8.0.21 and prior, which were previously considered fully patched.
- CVE-2024-55956 affects versions 5.8.0.23 and prior, which were previously considered fully patched.
The root cause of both vulnerabilities is an arbitrary file upload, which can lead to remote code execution, potentially allowing attackers to run arbitrary code on the vulnerable asset.
See current events and status.
What To Do
Because these vulnerabilities are known to have been exploited, investigating for signs of compromise is prudent.
- Perform scans with vulnerability management tools to identify vulnerable instances of Cleo products in your organization.
- Cleo has released a patch and recommends updating immediately. Update instructions can be found in their security advisory.
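To make the version ranges above actionable against an asset inventory, here is an added example (not code from Huntress or Cleo) that flags instances whose product and version fall inside the stated affected ranges. The hostnames and inventory are constructed sample data, and the check only encodes the "and prior" ceilings given above; confirm the fixed version against Cleo's advisory before treating a newer build as patched.

```python
# Added example (not from the Huntress advisory or Cleo): flag Cleo product
# instances whose version falls inside the affected ranges stated above.
# The inventory below is constructed sample data.

from dataclasses import dataclass

# Affected ceilings from the advisory: "5.8.0.21 and prior" / "5.8.0.23 and prior".
AFFECTED_MAX = {
    "CVE-2024-50623": (5, 8, 0, 21),
    "CVE-2024-55956": (5, 8, 0, 23),
}

CLEO_PRODUCTS = {"Harmony", "VLTrader", "LexiCom"}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted version string such as '5.8.0.21' into a comparable tuple.

    Numeric comparison is required: comparing strings would rank '5.8.0.9'
    above '5.8.0.21'. Missing trailing components are padded with zeros so
    that '5.8' compares equal to '5.8.0.0'.
    """
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def affected_cves(product: str, version: str) -> list[str]:
    """Return the CVE identifiers whose affected range includes this version."""
    if product not in CLEO_PRODUCTS:
        return []
    v = parse_version(version)
    return [cve for cve, ceiling in AFFECTED_MAX.items() if v <= ceiling]


@dataclass
class Host:
    hostname: str
    product: str
    version: str


def triage(inventory: list[Host]) -> dict[str, list[str]]:
    """Map each hostname to the CVEs it is exposed to (empty list = not affected)."""
    return {h.hostname: affected_cves(h.product, h.version) for h in inventory}


# Constructed sample inventory, as it might be exported from an asset tool.
SAMPLE_INVENTORY = [
    Host("mft-01.example.internal", "Harmony", "5.8.0.20"),
    Host("mft-02.example.internal", "VLTrader", "5.8.0.21"),
    Host("mft-03.example.internal", "LexiCom", "5.8.0.22"),
    Host("mft-04.example.internal", "Harmony", "5.8.0.24"),
    Host("web-01.example.internal", "nginx", "1.26.2"),
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        status = ", ".join(cves) if cves else "not affected"
        print(f"{host}: {status}")
```

The point of the tuple comparison is that a 5.8.0.22 host is still affected by CVE-2024-55956 while being outside the CVE-2024-50623 range, so each CVE is evaluated separately rather than collapsing both into one "vulnerable" flag.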
Resources
- Cleo Solution Center, “Cleo Product Security Update - CVE-2024-55956”
- National Vulnerability Database, “CVE-2024-50623 Detail”
- National Vulnerability Database, “CVE-2024-55956 Detail”
- December 17, 2024: Published.