Cleo File Transfer [CVE-2024-50623 & CVE-2024-55956]

Ingrid

Huntress discovered two arbitrary file upload vulnerabilities in Cleo products that can lead to remote code execution: CVE-2024-50623 and CVE-2024-55956. They affect Cleo's Harmony, VLTrader, and LexiCom products, which are used for secure file transfer. CVE-2024-50623 affects versions 5.8.0.21 and prior, including installations that were previously considered fully patched. CVE-2024-55956 affects versions 5.8.0.23 and prior, again including installations that were previously considered fully patched.

The root cause of both vulnerabilities is an arbitrary file upload. They allow remote code execution, potentially letting an attacker run arbitrary code on the vulnerable asset. See current events and status.

What To Do

Because these vulnerabilities are known to have been exploited, investigating for signs of compromise is prudent. Perform scans with vulnerability management tools to identify vulnerable instances of Cleo products in your organization. Cleo has released a patch and recommends updating immediately. Directions for the update can be found in their security advisory.

Resources

Cleo Solution Center, "Cleo Product Security Update - CVE-2024-55956"
National Vulnerability Database, "CVE-2024-50623 Detail"
National Vulnerability Database, "CVE-2024-55956 Detail"

December 17, 2024: Published.
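The "What To Do" section asks for scans that identify vulnerable Cleo instances. The following script is an added example, not code from the advisory, Cleo, or Huntress: it takes a version inventory (the kind a vulnerability management export provides) and flags each Harmony, VLTrader or LexiCom host against the two affected ranges stated above ("5.8.0.21 and prior" and "5.8.0.23 and prior"). The host names, product names other than Cleo's, and version numbers in the sample inventory are constructed for illustration; the advisory itself does not state a fixed version, so a version above both ceilings is reported as "not in a stated affected range" rather than as safe.

```python
"""Triage a Cleo product inventory against the affected version ranges
stated in the advisory (added example; inventory data is constructed)."""
from typing import Dict, List, Tuple

# Affected ranges exactly as the advisory states them: "<version> and prior".
AFFECTED_UP_TO = {
    "CVE-2024-50623": (5, 8, 0, 21),
    "CVE-2024-55956": (5, 8, 0, 23),
}

# The three Cleo products named in the advisory.
CLEO_PRODUCTS = {"Harmony", "VLTrader", "LexiCom"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string such as '5.8.0.21' into a comparable tuple.

    Shorter strings are right-padded with zeros so '5.8' compares as 5.8.0.0.
    Non-numeric input raises ValueError instead of comparing incorrectly.
    """
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def affected_cves(version: str) -> List[str]:
    """Return the advisory's CVE ids whose affected range covers this version."""
    v = parse_version(version)
    return [cve for cve, ceiling in AFFECTED_UP_TO.items() if v <= ceiling]


def triage_inventory(inventory) -> Dict[str, List[str]]:
    """Map each Cleo host to the CVEs its version falls under.

    Entries for other products are skipped. A host whose version cannot be
    parsed is reported as 'version-unknown' so it gets reviewed by hand
    instead of silently disappearing from the results.
    """
    findings: Dict[str, List[str]] = {}
    for host, product, version in inventory:
        if product not in CLEO_PRODUCTS:
            continue
        try:
            findings[host] = affected_cves(version)
        except ValueError:
            findings[host] = ["version-unknown"]
    return findings


# Constructed sample inventory: (host, product, version). Not real hosts.
SAMPLE_INVENTORY = [
    ("mft-01.example.internal", "Harmony", "5.8.0.21"),
    ("mft-02.example.internal", "VLTrader", "5.8.0.23"),
    ("mft-03.example.internal", "LexiCom", "5.8.0.24"),
    ("files.example.internal", "OtherSFTP", "1.2"),
    ("mft-04.example.internal", "Harmony", "unknown"),
]

if __name__ == "__main__":
    for host, cves in triage_inventory(SAMPLE_INVENTORY).items():
        status = ", ".join(cves) if cves else "not in a stated affected range"
        print(f"{host}: {status}")
```

Because CVE-2024-55956 affects versions that already carried the CVE-2024-50623 fix, a host on 5.8.0.22 or 5.8.0.23 is still flagged for the second CVE; that is the case the version comparison is there to catch, and it is why a scanner keyed only on the first CVE's ceiling would miss exploitable systems.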