CVE-2024-50623 - Cleo Multiple Products Unrestricted File Upload Vulnerability

CVE-2024-50623: Cleo | Multiple Products

Date Added:
2024-12-13

Due Date:
2025-01-03

Vulnerability Name: Cleo Multiple Products Unrestricted File Upload Vulnerability

Description: Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update ; https://nvd.nist.gov/vuln/detail/CVE-2024-50623

Related News Articles

Clop ransomware claims responsibility for Cleo data theft attacksDecember 16, 2024

CISA confirms critical Cleo bug exploitation in ransomware attacksDecember 14, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard