U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

Share:

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8), which impacts multiple Cleo products to its Known Exploited Vulnerabilities (KEV) catalog.

“Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution.” reads the advisory. “Cleo strongly advises all customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch (version 5.8.0.21) to address additional discovered potential attack vectors of the vulnerability. ”

The vulnerability affects the following products LexiCom before version 5.8.0.21, Harmony prior to version 5.8.0.21, and VLTrader prior to version 5.8.0.21.

On December 9, reports of active exploitation targeting Cleo file transfer software began circulating among cybersecurity community. Security firm Huntress publicly disclosed ongoing exploitation involving three different Cleo products.

“On December 3, Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers.” reads the post published by Huntress. “We’ve directly observed evidence of threat actors exploiting this software en masse and performing post-exploitation activity.”

Huntress researchers created a proof of concept and learned the patch does not mitigate the software flaw. The experts warned that fully patched systems running 5.8.0.21 are still exploitable.

Caleb Stewart, a Principal Security Researcher, developed a Python script exploiting an arbitrary file-write vulnerability. This script successfully placed files in the autoruns subdirectory, demonstrating the execution capability. The method was tested against both LexiCom and VLTrader software, with versions 5.8.0.0 and the patched 5.8.0.21, confirming the exploit’s effectiveness.

Caleb Stewart, a Principal Security Researcher, developed a Python script exploiting an arbitrary file-write vulnerability. This script successfully placed files in the autoruns subdirectory, demonstrating the execution capability. The researchers tested the PoC against both LexiCom and VLTrader software, with versions 5.8.0.0 and the patched 5.8.0.21, confirming the exploit’s effectiveness.

Huntress researchers published Indicators of Compromise (IOCs) for attacks exploiting this vulnerability.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by January 3, 2025.

Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
5:23 am, Apr 26, 2025
weather icon 8°C
L: 7° | H: 9°
scattered clouds
Humidity: 87 %
Pressure: 1021 mb
Wind: 6 mph ENE
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 40%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 5:41 am
Sunset: 8:14 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
7° | 9°°C 0 mm 0% 8 mph 86 % 1025 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
9° | 21°°C 0.2 mm 20% 4 mph 75 % 1026 mb 0 mm/h
Mon Apr 28 10:00 pm
weather icon
12° | 21°°C 0 mm 0% 8 mph 86 % 1026 mb 0 mm/h
Tue Apr 29 10:00 pm
weather icon
11° | 20°°C 0 mm 0% 9 mph 61 % 1026 mb 0 mm/h
Wed Apr 30 10:00 pm
weather icon
11° | 23°°C 0 mm 0% 8 mph 75 % 1025 mb 0 mm/h
Today 7:00 am
weather icon
8° | 9°°C 0 mm 0% 4 mph 86 % 1021 mb 0 mm/h
Today 10:00 am
weather icon
11° | 13°°C 0 mm 0% 6 mph 77 % 1022 mb 0 mm/h
Today 1:00 pm
weather icon
16° | 16°°C 0 mm 0% 8 mph 56 % 1023 mb 0 mm/h
Today 4:00 pm
weather icon
16° | 16°°C 0 mm 0% 7 mph 54 % 1023 mb 0 mm/h
Today 7:00 pm
weather icon
14° | 14°°C 0 mm 0% 7 mph 60 % 1023 mb 0 mm/h
Today 10:00 pm
weather icon
11° | 11°°C 0 mm 0% 3 mph 69 % 1025 mb 0 mm/h
Tomorrow 1:00 am
weather icon
10° | 10°°C 0 mm 0% 2 mph 74 % 1025 mb 0 mm/h
Tomorrow 4:00 am
weather icon
9° | 9°°C 0 mm 0% 3 mph 75 % 1025 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€83,150.45
1.46%
Ethereum(ETH)
€1,577.14
1.96%
Tether(USDT)
€0.88
0.02%
XRP(XRP)
€1.93
0.35%
Solana(SOL)
€132.84
-0.41%
USDC(USDC)
€0.88
0.00%
Dogecoin(DOGE)
€0.164219
3.40%
Shiba Inu(SHIB)
€0.000013
5.21%
Pepe(PEPE)
€0.000009
9.26%
Scroll to Top