CVE-2024-50623: Cleo Multiple Products Unrestricted File Upload Vulnerability
First published: Sun Oct 27 2024(Updated: )
Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cleo Multiple Products | ||
| Cleo Harmony | <5.8.0.21 | |
| Cleo LexiCom | <5.8.0.21 | |
| Cleo Vltrader | <5.8.0.21 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/12/10/cleo_vulnerability/
- https://www.bleepingcomputer.com/news/security/cleo-patches-critical-zero-day-exploited-in-data-theft-attacks/
- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update
- https://nvd.nist.gov/vuln/detail/CVE-2024-50623
- https://www.bleepingcomputer.com/news/security/cisa-confirms-critical-cleo-bug-exploitation-in-ransomware-attacks/
- https://www.bleepingcomputer.com/news/security/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks/
- https://www.theregister.com/2024/12/16/ransomware_attacks_exploit_cleo_bug/
- https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/
- https://www.darkreading.com/application-security/cleo-mft-zero-day-exploits-escalate-analysts-warn
- https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory
- https://www.bleepingcomputer.com/news/security/clop-ransomware-threatens-66-cleo-attack-victims-with-data-leak/
- https://www.bleepingcomputer.com/news/security/clop-ransomware-is-now-extorting-66-cleo-data-theft-victims/
- https://www.theregister.com/2025/02/28/cisa_kev_list_ransomware/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2024-50623?
CVE-2024-50623 is considered a critical vulnerability due to the potential for remote code execution with elevated privileges.
How do I fix CVE-2024-50623?
To fix CVE-2024-50623, upgrade to Cleo Harmony version 5.8.0.21, VLTrader version 5.8.0.21, or LexiCom version 5.8.0.21.
What products are affected by CVE-2024-50623?
CVE-2024-50623 affects Cleo Harmony, VLTrader, and LexiCom prior to versions 5.8.0.21.
Can CVE-2024-50623 lead to data theft?
Yes, CVE-2024-50623 can potentially lead to data theft due to its unrestricted file upload and download vulnerability.
What are the implications of exploiting CVE-2024-50623?
Exploitation of CVE-2024-50623 can allow an attacker to execute arbitrary code remotely with elevated privileges.
- agent/type
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-50623
- agent/weakness
- collector/bleeping-computer
- source/BleepingComputer
- agent/remedy
- agent/title
- agent/description
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/author
- alias/CVE-2024-55956
- collector/darkreading
- source/Dark Reading
- agent/softwarecombine
- agent/severity
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- alias/CVE-2024-1212
- alias/CVE-2018-10561
- alias/CVE-2014-8361
- alias/CVE-2024-38812
- alias/CVE-2024-37085
- alias/CVE-2024-38813
- agent/references
- agent/tags
- agent/event
- agent/trending
- agent/news-ai
- zeroday/true
- vendor/cleo
- canonical/cleo multiple products
- canonical/cleo harmony
- canonical/cleo lexicom
- canonical/cleo vltrader