Unrestricted File Upload Vulnerability in Cleo Harmony and Associated Products
CVE-2024-50623

9.8 CRITICAL

Key Information:

Vendor: Cleo Harmony
Products: VLTrader, Harmony, LexiCom
CVE Published: 28 October 2024

Badges

🥇 Trended No. 1 · 📈 Trended · 📈 Score: 18,000 · 💰 Ransomware · 👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 93% · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2024-50623?

CVE-2024-50623 is a critical security vulnerability in Cleo Harmony and its associated products, VLTrader and LexiCom, in all versions prior to 5.8.0.21. These products are designed for secure file transfer, integration, and data management, and play a crucial role in enterprise business operations. The unrestricted file upload and download functionality behind this vulnerability can allow an attacker to upload malicious files, potentially leading to remote code execution. If exploited, this could severely impact organizations by enabling unauthorized access to sensitive systems and data.

Technical Details

This vulnerability arises from insufficient restrictions on file uploads and downloads within the affected Cleo software versions. An attacker can leverage this flaw to execute arbitrary code on the server, which may lead to complete system compromise. Because the affected versions do not properly validate uploaded files, malicious files can masquerade as legitimate ones, bypassing security controls and posing a significant threat to the integrity of the system.

Impact of the Vulnerability

  1. Remote Code Execution: The most severe impact of CVE-2024-50623 is its potential to facilitate remote code execution, allowing attackers to gain control over affected systems. This could lead to unauthorized actions that compromise the confidentiality, integrity, and availability of sensitive data.

  2. Data Breaches: Exploitation of this vulnerability can result in significant data breaches, where attackers can access, modify, or exfiltrate sensitive information stored on the affected systems. This poses significant risks to organizational reputation and compliance with data protection regulations.

  3. Business Operation Disruption: The exploitation of this vulnerability could lead to operational disruptions as systems may be rendered inoperable due to malware installation, resulting in downtime and potential financial losses for organizations that rely on Cleo products for their business processes.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited in the wild; it is also known to CISA as enabling ransomware campaigns.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

Cleo Zero-Day RCE Vulnerability Actively Exploited in the Wild

A critical zero-day vulnerability (CVE-2024-50623) in Cleo's file transfer products (Harmony, VLTrader, and LexiCom) is being actively exploited by threat actors, cybersecurity researchers have warned.

Clop is back to wreak havoc via vulnerable file-transfer software

Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an IT company that sells enterprise software.

Cleo vulnerability attacks claimed by Clop ransomware gang

The group behind the 2023 MOVEit attacks says it is deleting previous victims’ data to focus on its Cleo campaign.

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot
  • 📈 Vulnerability started trending
  • 🦅 CISA Reported
  • 🟡 Public PoC available
  • 💰 Used in Ransomware
  • 👾 Exploit known to exist
  • 📰 First article discovered by TechTarget
  • Vulnerability published