U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

Share:

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8), which impacts multiple Cleo products to its Known Exploited Vulnerabilities (KEV) catalog.

“Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution.” reads the advisory. “Cleo strongly advises all customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch (version 5.8.0.21) to address additional discovered potential attack vectors of the vulnerability. ”

The vulnerability affects the following products LexiCom before version 5.8.0.21, Harmony prior to version 5.8.0.21, and VLTrader prior to version 5.8.0.21.

On December 9, reports of active exploitation targeting Cleo file transfer software began circulating among cybersecurity community. Security firm Huntress publicly disclosed ongoing exploitation involving three different Cleo products.

“On December 3, Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers.” reads the post published by Huntress. “We’ve directly observed evidence of threat actors exploiting this software en masse and performing post-exploitation activity.”

Huntress researchers created a proof of concept and learned the patch does not mitigate the software flaw. The experts warned that fully patched systems running 5.8.0.21 are still exploitable.

Caleb Stewart, a Principal Security Researcher, developed a Python script exploiting an arbitrary file-write vulnerability. This script successfully placed files in the autoruns subdirectory, demonstrating the execution capability. The method was tested against both LexiCom and VLTrader software, with versions 5.8.0.0 and the patched 5.8.0.21, confirming the exploit’s effectiveness.

Caleb Stewart, a Principal Security Researcher, developed a Python script exploiting an arbitrary file-write vulnerability. This script successfully placed files in the autoruns subdirectory, demonstrating the execution capability. The researchers tested the PoC against both LexiCom and VLTrader software, with versions 5.8.0.0 and the patched 5.8.0.21, confirming the exploit’s effectiveness.

Huntress researchers published Indicators of Compromise (IOCs) for attacks exploiting this vulnerability.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by January 3, 2025.

Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
2:57 am, Apr 4, 2025
weather icon 10°C
L: 8° | H: 11°
overcast clouds
Humidity: 82 %
Pressure: 1019 mb
Wind: 3 mph ENE
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 100%
Rain Chance: 0%
Visibility: 8 km
Sunrise: 6:28 am
Sunset: 7:37 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
8° | 11°°C 0 mm 0% 13 mph 83 % 1020 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
7° | 17°°C 0 mm 0% 13 mph 72 % 1021 mb 0 mm/h
Sun Apr 06 10:00 pm
weather icon
7° | 13°°C 0 mm 0% 13 mph 78 % 1027 mb 0 mm/h
Mon Apr 07 10:00 pm
weather icon
5° | 14°°C 0 mm 0% 8 mph 77 % 1029 mb 0 mm/h
Tue Apr 08 10:00 pm
weather icon
5° | 14°°C 0 mm 0% 8 mph 73 % 1030 mb 0 mm/h
Today 4:00 am
weather icon
10° | 11°°C 0 mm 0% 4 mph 82 % 1019 mb 0 mm/h
Today 7:00 am
weather icon
10° | 10°°C 0 mm 0% 5 mph 83 % 1019 mb 0 mm/h
Today 10:00 am
weather icon
14° | 17°°C 0 mm 0% 9 mph 68 % 1020 mb 0 mm/h
Today 1:00 pm
weather icon
20° | 20°°C 0 mm 0% 11 mph 46 % 1019 mb 0 mm/h
Today 4:00 pm
weather icon
19° | 19°°C 0 mm 0% 13 mph 40 % 1018 mb 0 mm/h
Today 7:00 pm
weather icon
15° | 15°°C 0 mm 0% 10 mph 57 % 1018 mb 0 mm/h
Today 10:00 pm
weather icon
12° | 12°°C 0 mm 0% 10 mph 66 % 1019 mb 0 mm/h
Tomorrow 1:00 am
weather icon
9° | 9°°C 0 mm 0% 10 mph 65 % 1019 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€74,982.41
-1.05%
Ethereum(ETH)
€1,637.21
-0.99%
Tether(USDT)
€0.90
-0.03%
XRP(XRP)
€1.85
-0.39%
USDC(USDC)
€0.90
-0.01%
Solana(SOL)
€104.47
-3.65%
Dogecoin(DOGE)
€0.146061
-2.79%
Shiba Inu(SHIB)
€0.000011
-1.60%
Pepe(PEPE)
€0.000006
-6.37%
Scroll to Top