CISA adds vulnerabilities in Cleo Harmony, VLTrader, and LexiCom to its Known Exploited Vulnerabilities (KEV) catalog.

443/67 Monday, December 16, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-50623 (CVSS score 8.8), which affects the Cleo Harmony, VLTrader, and LexiCom managed file transfer products, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is an unrestricted file upload and download issue that can lead to remote code execution (RCE). Cleo's advisory directed users to update to version 5.8.0.21; as noted below, that version was later found to remain exploitable, so updating to it alone should not be treated as full remediation. The affected products are:

  • LexiCom versions prior to 5.8.0.21
  • Harmony versions prior to 5.8.0.21
  • VLTrader versions prior to 5.8.0.21

On December 9, 2024, Huntress, a cybersecurity company, reported active exploitation of this vulnerability in Cleo software. Huntress found that systems updated to version 5.8.0.21 remained exploitable. Its researchers developed a proof-of-concept exploit that uses an arbitrary file write to achieve code execution in LexiCom and VLTrader, tested against both versions 5.8.0.0 and 5.8.0.21. Huntress also published indicators of compromise (IOCs) from the attacks so that organizations can hunt for, detect, and contain intrusions.
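The two facts above that matter for triage are the affected-version boundary (anything prior to 5.8.0.21) and the Huntress finding that 5.8.0.21 itself is still exploitable. The script below, an added example that is not code from the page, CISA, Cleo or Huntress, walks a constructed host inventory and classifies each Cleo installation accordingly. It compares versions numerically rather than as strings, because a plain string comparison ranks "5.8.0.9" above "5.8.0.21" and would wrongly clear an older build. The hostnames, the inventory, and the `KEV_EXCERPT` entry (modelled on the field names of CISA's published KEV JSON feed) are all constructed for the example.

```python
"""Triage a Cleo product inventory against the CVE-2024-50623 KEV entry.

Added example; not code from the page, CISA, Cleo or Huntress.
Inventory rows and the KEV excerpt below are constructed sample data.
"""
from typing import Dict, List, Optional, Tuple

CVE_ID = "CVE-2024-50623"
AFFECTED_PRODUCTS = {"Harmony", "VLTrader", "LexiCom"}
ADVISORY_VERSION = "5.8.0.21"   # version the Cleo advisory and KEV entry pointed to

# Constructed excerpt using the field names of the CISA KEV JSON feed
# (cveID, vendorProject, product, dueDate); the values are sample data.
KEV_EXCERPT = {
    "vulnerabilities": [
        {
            "cveID": CVE_ID,
            "vendorProject": "Cleo",
            "product": "Multiple Products",
            "dueDate": "2025-01-03",
        }
    ]
}

# Constructed inventory: (hostname, product, installed version)
INVENTORY: List[Tuple[str, str, str]] = [
    ("mft-01.example.test", "Harmony", "5.8.0.9"),
    ("mft-02.example.test", "VLTrader", "5.8.0.21"),
    ("mft-03.example.test", "LexiCom", "5.7.0.0"),
    ("mft-04.example.test", "OtherMFT", "1.0"),
]


def parse_version(v: str, width: int = 4) -> Tuple[int, ...]:
    """Turn '5.8.0.21' into (5, 8, 0, 21), zero-padded to `width` components.

    Numeric tuples compare correctly; the raw strings do not
    ('5.8.0.9' > '5.8.0.21' lexically because '9' > '2').
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (width - len(nums)))[:width]


def is_prior(installed: str, fixed: str = ADVISORY_VERSION) -> bool:
    """True if `installed` is strictly older than the advisory version."""
    return parse_version(installed) < parse_version(fixed)


def classify(product: str, version: str) -> str:
    """Map one installation to a triage status."""
    if product not in AFFECTED_PRODUCTS:
        return "not-in-scope"
    if is_prior(version):
        return "vulnerable"                       # listed as affected in the KEV entry
    if parse_version(version) == parse_version(ADVISORY_VERSION):
        return "advisory-version-reported-exploitable"  # Huntress finding
    return "newer-than-advisory"                  # verify against vendor's current guidance


def kev_due_date(kev: Dict, cve_id: str) -> Optional[str]:
    """Return the KEV dueDate for `cve_id`, or None if it is not listed."""
    for entry in kev.get("vulnerabilities", []):
        if entry.get("cveID") == cve_id:
            return entry.get("dueDate")
    return None


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Classify every host in the inventory; returns hostname -> status."""
    return {host: classify(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    due = kev_due_date(KEV_EXCERPT, CVE_ID)
    print(f"{CVE_ID} KEV due date: {due}")
    for host, status in triage(INVENTORY).items():
        print(f"{host:24s} {status}")
```

Anything that comes back `vulnerable` or `advisory-version-reported-exploitable` should be treated as exposed: isolate the host, hunt with the published IOCs, and follow the vendor's current guidance rather than stopping at 5.8.0.21.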

Under CISA's Binding Operational Directive 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate vulnerabilities listed in the KEV catalog by the due date CISA assigns; for this vulnerability the deadline is January 3, 2025. Private organizations are not bound by the directive, but given the confirmed in-the-wild exploitation they should treat the same deadline as a minimum.

Source https://securityaffairs.com/171973/security/u-s-cisa-adds-cleo-harmony-vltrader-and-lexicom-flaw-to-its-known-exploited-vulnerabilities-catalog.html