Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956) - Vulnerability Database

Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956)

Description

Cleo Harmony, VLTrader, and LexiCom contain arbitrary file read/write vulnerabilities that leads to remote code execution. Successful exploitation of the vulnerability can result in takeover of the server.

Remediation

Upgrade to the latest version of Cleo software

References

Cleo Product Security Update - CVE-2024-55956

Cleo Product Security Advisory - CVE-2024-50623

Cleo Harmony, VLTrader, and LexiCom - RCE via Arbitrary File Write (CVE-2024-50623)

Technical Analysis CVE-2024-55956

Related Vulnerabilities

Severity

Critical

Classification

CVE-2024-50623

CVE-2024-55956

CWE-434

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L