REDLEGG BLOG

Emergency Security Bulletin: Cleo File Transfer Products

12/12/24 12:06 PM  |  by RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

Unrestricted File Upload and Download in Cleo File Transfer Products

Identifier: CVE-2024-50623 Bypass
Exploit or POC: Yes, active exploitation has been observed in the wild. 
Update: CVE-2024-50623 Bypass – Cleo Product Security Advisory

Description: CVE-2024-50623 Bypass is a critical vulnerability that bypasses the fix Cleo shipped for CVE-2024-50623 in its file transfer products: Harmony, VLTrader, and LexiCom prior to version 5.8.0.24. The flaw allows unauthenticated attackers to upload and download arbitrary files, which can be leveraged for remote code execution. It is being actively exploited: observed intrusions include attackers establishing persistence, conducting reconnaissance, and executing arbitrary code on compromised systems.

Mitigation Recommendation: Patching is currently the only method of mitigation. Update Cleo Harmony, VLTrader, and LexiCom to version 5.8.0.24 or later, as listed in the Cleo Product Security Advisory. Because exploitation is already occurring in the wild, treat this as out-of-band emergency patching, and since attackers have been observed establishing persistence, review any internet-exposed instance that ran a vulnerable build for signs of compromise rather than assuming the update alone closed the incident.
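The first practical step on the mitigation above is confirming which installs are still below the fixed build. The script below is an added example (not RedLegg's or Cleo's code) that triages a constructed inventory of Cleo Harmony, VLTrader, and LexiCom hosts against 5.8.0.24. The host names and version strings are hypothetical sample data; how the version string is collected from each install (console, API, or on-disk file) is left to the reader and not asserted here. The point it demonstrates is that version numbers must be compared numerically per component: a plain string comparison ranks "5.8.0.9" above "5.8.0.24" and would silently mark a vulnerable host as patched.

```python
"""Fleet triage for the Cleo emergency bulletin.

Added example, not RedLegg's or Cleo's code. Checks an inventory of Cleo
Harmony / VLTrader / LexiCom installs against the fixed build 5.8.0.24 named
in the bulletin. Hosts and versions below are constructed sample data.
"""

from __future__ import annotations

import re

FIXED_VERSION = "5.8.0.24"
AFFECTED_PRODUCTS = frozenset({"Harmony", "VLTrader", "LexiCom"})

_VERSION_RE = re.compile(r"^\d+(?:\.\d+)*$")


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '5.8.0.24' into (5, 8, 0, 24).

    Raises ValueError on anything that is not dotted integers, so a blank or
    garbled inventory field is surfaced instead of silently treated as patched.
    """
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_below_fixed(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` sorts numerically before `fixed`.

    Comparison is per component, zero-padded, so 5.8 < 5.8.0.24 and
    5.8.0.9 < 5.8.0.24. A plain string comparison gets the second case wrong
    ('5.8.0.9' > '5.8.0.24' lexically), which is how a vulnerable host slips
    through a quick check.
    """
    have, want = parse_version(version), parse_version(fixed)
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have < want


def is_vulnerable(product: str, version: str) -> bool:
    """A host needs the emergency patch if it runs an affected product at a
    build below 5.8.0.24. Other products are out of scope for this bulletin."""
    return product in AFFECTED_PRODUCTS and is_below_fixed(version)


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """Return the (host, product, version) rows that still need patching."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]


# Constructed sample inventory: hypothetical hosts, not real systems.
SAMPLE_INVENTORY = [
    ("mft-01.example.internal", "Harmony", "5.8.0.21"),
    ("mft-02.example.internal", "VLTrader", "5.8.0.24"),
    ("mft-03.example.internal", "LexiCom", "5.8.0.9"),
    ("mft-04.example.internal", "Harmony", "5.8.0.25"),
    ("mft-05.example.internal", "Harmony", "5.7.0.1"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"PATCH NOW  {host:26} {product:9} {version}")
    # The string-comparison pitfall, shown explicitly:
    print("naive string compare says 5.8.0.9 is patched:",
          "5.8.0.9" >= FIXED_VERSION)  # prints True, which is wrong
```

Feed `triage()` the inventory you export from asset management and act on every row it returns; an unparseable version field raises rather than passing, so investigate those hosts by hand instead of dropping them from the list.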
