Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956) - Vulnerability Database


Description

The Cleo Harmony, VLTrader, and LexiCom managed file transfer applications contain critical vulnerabilities (CVE-2024-50623 and CVE-2024-55956) that allow unauthenticated attackers to read and write arbitrary files on the server. The two can be chained together or exploited independently to achieve remote code execution without any user interaction or valid credentials; they are highly dangerous and have been actively exploited in the wild.

Remediation

Apply security patches immediately by upgrading to the latest patched version of the Cleo software named in the vendor security advisories. For Cleo Harmony, VLTrader, and LexiCom, upgrade to version 5.8.0.21 or later. If immediate patching is not possible, apply the following temporary mitigations:
(1) Restrict network access to the Cleo application to trusted IP addresses only, using firewall rules.
(2) Disable the vulnerable Autorun directory functionality if it is not required for business operations.
(3) Monitor system logs for suspicious file access patterns and unauthorized file modifications.
(4) Conduct a thorough security assessment of affected systems to identify indicators of compromise.
Verify the patch installation by checking the application version and by testing that unauthorized file operations are properly blocked.
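The version check in the last step is easy to get wrong when done as a string comparison, so here is an added example (not Invicti's or Cleo's code) that compares reported Cleo versions numerically against the 5.8.0.21 minimum and lists hosts still needing the patch. It assumes an inventory of (hostname, product, version) tuples collected by other means; the sample inventory is constructed.

```python
# Patch-status check for Cleo Harmony/VLTrader/LexiCom hosts (added example,
# not Invicti's or Cleo's code). Assumes an inventory of (hostname, product,
# version) tuples gathered elsewhere; the sample inventory is constructed.
from __future__ import annotations

# Minimum fixed version named in the remediation text above.
MIN_PATCHED_VERSION = "5.8.0.21"
AFFECTED_PRODUCTS = {"Harmony", "VLTrader", "LexiCom"}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '5.8.0.21' into (5, 8, 0, 21) so the comparison is numeric.

    A plain string comparison ranks '5.8.0.9' above '5.8.0.21' because
    '9' > '2'; comparing integer tuples avoids that trap.
    """
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str, minimum: str = MIN_PATCHED_VERSION) -> bool:
    """True when `version` is at or above the minimum patched release."""
    have, need = parse_version(version), parse_version(minimum)
    # Pad the shorter tuple with zeros so '5.8' compares as '5.8.0.0'.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need


def unpatched_hosts(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Hostnames running an affected product below the fixed version."""
    return [
        host
        for host, product, version in inventory
        if product in AFFECTED_PRODUCTS and not is_patched(version)
    ]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("mft-01.example.test", "Harmony", "5.8.0.21"),
    ("mft-02.example.test", "VLTrader", "5.8.0.9"),
    ("mft-03.example.test", "LexiCom", "5.7.0.0"),
    ("web-01.example.test", "OtherApp", "1.0.0"),
]

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print("NEEDS PATCH:", host)
```

Products outside the affected set are ignored, and a version string that is not purely numeric raises rather than silently passing as patched.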