About:
RedLegg occasionally communicates vulnerabilities outside its usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify at the highest severity level, which warrant out-of-band emergency patching or mitigation.
VULNERABILITIES
Unrestricted File Upload and Download in Cleo File Transfer Products
Identifier: CVE-2024-50623 Bypass
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2024-50623 Bypass – Cleo Product Security Advisory
Description: CVE-2024-50623 Bypass is a critical vulnerability in Cleo's managed file transfer products, Harmony, VLTrader, and LexiCom, prior to version 5.8.0.24. As the name indicates, it bypasses the fix Cleo shipped for the original CVE-2024-50623, so instances that were updated for that CVE but are still below 5.8.0.24 remain exposed. The flaw allows unauthenticated attackers to upload and download arbitrary files, which can lead to remote code execution. It has been actively exploited in the wild: attackers have been observed establishing persistence, conducting reconnaissance, and executing arbitrary code on compromised systems.
Mitigation Recommendation: Patching is currently the only method of mitigation. Update Cleo Harmony, VLTrader, and LexiCom to version 5.8.0.24 or later, as listed in the Cleo Product Security Advisory. Because exploitation is ongoing, patch immediately, confirm the installed version after the update rather than relying on an earlier update for CVE-2024-50623, and treat any internet-facing instance that ran an earlier version as potentially compromised until it has been reviewed for the persistence and reconnaissance activity described above.
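The following triage helper is an added example written for this bulletin, not RedLegg's or Cleo's tooling. It flags every Cleo Harmony, VLTrader, or LexiCom instance in an inventory whose version is below 5.8.0.24, comparing version components numerically so that a build such as 5.8.0.9 is not mistaken for a patched one by string comparison. The inventory format (host, product, version) and the host names are constructed sample data; the version 5.8.0.21 in the sample is the build Cleo's earlier advisory for the original CVE-2024-50623 pointed to, included to show that such hosts still need this update.

```python
"""
Triage helper: flag Cleo Harmony / VLTrader / LexiCom instances that still
need the emergency update to 5.8.0.24 or later (CVE-2024-50623 Bypass).

Added example for this bulletin; not RedLegg's or Cleo's own tooling.
The inventory layout and the host names below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Products named in the Cleo advisory (lower-cased for matching) and the
# first version that is not affected.
AFFECTED_PRODUCTS = {"harmony", "vltrader", "lexicom"}
FIXED_VERSION = "5.8.0.24"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '5.8.0.24' into (5, 8, 0, 24) so each component compares numerically.

    A plain string comparison gets this wrong: '5.8.0.9' > '5.8.0.24' as text,
    which would mark a vulnerable build as patched. A trailing non-numeric
    qualifier such as '-beta' is dropped after the leading digits of its component.
    """
    parts: list[int] = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        if not digits:
            break  # stop at the first component with no numeric prefix
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(parts)


def is_vulnerable(product: str, version: str) -> bool:
    """True if this product/version is below the fixed version 5.8.0.24.

    Tuple comparison treats a shorter prefix as smaller, so (5, 8, 0) < (5, 8, 0, 24)
    and '5.8.0' is correctly reported as vulnerable.
    """
    if product.strip().lower() not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass(frozen=True)
class Instance:
    host: str
    product: str
    version: str


def triage(inventory: list[Instance]) -> dict[str, list[str]]:
    """Split an inventory into hosts that need the emergency patch and hosts that do not."""
    result: dict[str, list[str]] = {"patch_now": [], "ok": []}
    for inst in inventory:
        bucket = "patch_now" if is_vulnerable(inst.product, inst.version) else "ok"
        result[bucket].append(inst.host)
    return result


# Constructed sample inventory (hypothetical hosts), not real systems.
SAMPLE_INVENTORY = [
    Instance("mft-01.example.test", "Harmony", "5.8.0.9"),     # old build: vulnerable
    Instance("mft-02.example.test", "VLTrader", "5.8.0.21"),   # updated for the original CVE only: still vulnerable
    Instance("mft-03.example.test", "LexiCom", "5.8.0.24"),    # fixed version
    Instance("mft-04.example.test", "Harmony", "5.8.0.25"),    # later than the fixed version
    Instance("app-01.example.test", "OtherProduct", "1.0.0"),  # not a Cleo MFT product
]

if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY)
    for host in report["patch_now"]:
        print(f"PATCH NOW  {host}")
    for host in report["ok"]:
        print(f"ok         {host}")
```

Feed it the version each instance reports after the update, not the version your change records say was deployed; the point of the bypass is that an instance already "patched" for CVE-2024-50623 still lands in the patch_now bucket until it reaches 5.8.0.24.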