U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

Share:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8), which impacts multiple Cleo products to its Known Exploited Vulnerabilities (KEV) catalog.

“Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution.” reads the advisory. “Cleo strongly advises all customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch (version 5.8.0.21) to address additional discovered potential attack vectors of the vulnerability. ”

The vulnerability affects the following products LexiCom before version 5.8.0.21, Harmony prior to version 5.8.0.21, and VLTrader prior to version 5.8.0.21.

On December 9, reports of active exploitation targeting Cleo file transfer software began circulating among cybersecurity community. Security firm Huntress publicly disclosed ongoing exploitation involving three different Cleo products.

“On December 3, Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers.” reads the post published by Huntress. “We’ve directly observed evidence of threat actors exploiting this software en masse and performing post-exploitation activity.”

Huntress researchers created a proof of concept and learned the patch does not mitigate the software flaw. The experts warned that fully patched systems running 5.8.0.21 are still exploitable.

Caleb Stewart, a Principal Security Researcher, developed a Python script exploiting an arbitrary file-write vulnerability. This script successfully placed files in the autoruns subdirectory, demonstrating the execution capability. The method was tested against both LexiCom and VLTrader software, with versions 5.8.0.0 and the patched 5.8.0.21, confirming the exploit’s effectiveness.

Caleb Stewart, a Principal Security Researcher, developed a Python script exploiting an arbitrary file-write vulnerability. This script successfully placed files in the autoruns subdirectory, demonstrating the execution capability. The researchers tested the PoC against both LexiCom and VLTrader software, with versions 5.8.0.0 and the patched 5.8.0.21, confirming the exploit’s effectiveness.

Huntress researchers published Indicators of Compromise (IOCs) for attacks exploiting this vulnerability.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by January 3, 2025.

Pierluigi Paganini

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
6:02 pm, Feb 15, 2025
weather icon 4°C
L: 3° | H: 5°
light rain
Humidity: 85 %
Pressure: 1019 mb
Wind: 10 mph E
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0.22 mm
Clouds: 75%
Rain Chance: 0%
Visibility: 9 km
Sunrise: 7:14 am
Sunset: 5:15 pm
DailyHourly
Daily ForecastHourly Forecast
Today 9:00 pm
weather icon
3° | 5°°C 1 mm 100% 6 mph 88 % 1020 mb 0 mm/h
Tomorrow 9:00 pm
weather icon
2° | 5°°C 0.79 mm 79% 9 mph 95 % 1022 mb 0 mm/h
Mon Feb 17 9:00 pm
weather icon
1° | 7°°C 0 mm 0% 7 mph 77 % 1022 mb 0 mm/h
Tue Feb 18 9:00 pm
weather icon
3° | 9°°C 0 mm 0% 9 mph 73 % 1021 mb 0 mm/h
Wed Feb 19 9:00 pm
weather icon
5° | 11°°C 0 mm 0% 8 mph 94 % 1019 mb 0 mm/h
Today 6:00 pm
weather icon
3° | 4°°C 1 mm 100% 6 mph 85 % 1020 mb 0 mm/h
Today 9:00 pm
weather icon
2° | 3°°C 1 mm 100% 6 mph 88 % 1020 mb 0 mm/h
Tomorrow 12:00 am
weather icon
2° | 3°°C 0.79 mm 79% 6 mph 91 % 1020 mb 0 mm/h
Tomorrow 3:00 am
weather icon
2° | 2°°C 0 mm 0% 5 mph 95 % 1020 mb 0 mm/h
Tomorrow 6:00 am
weather icon
3° | 3°°C 0 mm 0% 7 mph 88 % 1020 mb 0 mm/h
Tomorrow 9:00 am
weather icon
3° | 3°°C 0 mm 0% 7 mph 85 % 1021 mb 0 mm/h
Tomorrow 12:00 pm
weather icon
5° | 5°°C 0 mm 0% 9 mph 65 % 1021 mb 0 mm/h
Tomorrow 3:00 pm
weather icon
5° | 5°°C 0 mm 0% 8 mph 62 % 1021 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€92,823.56
-1.22%
Ethereum(ETH)
€2,558.17
-3.28%
XRP(XRP)
€2.62
-0.09%
Tether(USDT)
€0.95
-0.01%
Solana(SOL)
€184.49
-5.50%
USDC(USDC)
€0.95
-0.01%
Dogecoin(DOGE)
€0.259120
-4.12%
Shiba Inu(SHIB)
€0.000015
-4.41%
Pepe(PEPE)
€0.000010
-7.03%
Scroll to Top