Share This:

Cybersecurity Threat Advisory

A critical vulnerability, identified as CVE-2024-50623, has been discovered in Cleo’s file transfer software suite. This vulnerability allows attackers to exploit an unrestricted file upload and download flaw, potentially leading to remote code execution (RCE) on vulnerable systems. Continue reading this Cybersecurity Threat Advisory to learn how to secure your environment.

What is the threat?

The vulnerability stems from a lack of proper input validation and sanitization in the software. Attackers can craft malicious file uploads that contain malicious code, such as JavaScript. Once uploaded, these files can be executed on the server, granting attackers unauthorized access to the system.

Why is it noteworthy?

Bad actors can use this vulnerability to install a back door on Cleo Harmony, VLTrader, and LexiCom instances. Exploitation requires no prior authentication but might require some form of user interaction to execute commands on the host using the default settings of the Autorun directory. These commands are used to establish a remote shell connection from suspicious IP addresses back to the Harmony, VLTrader, or LexiCom server. Organizations who’s been affected include various consumer products, logistics and shipping organizations, and food suppliers.

A patch has been released in versions 5.8.0.21 of Cleo Harmony, VLTrader, and LexiCom. However, researchers have found that the patch does not mitigate the security flaw. Organizations using these tools are still susceptible to being exploited.

What is the exposure or risk?

Organizations using Cleo Harmony, VLTrader, and LexiCom are vulnerable to several risks including data breaches, system compromise, network disruptions, and reputational damage.

What are the recommendations?

Barracuda recommends the following actions to secure your environment until a suitable patch is released:

  • Move any internet-exposed Cleo systems behind a firewall until an updated patch is released.
  • Disable the autorun feature. Service providers can provide scripts for customers to disable autorun.
  • Update the software to the latest version to minimize the risk of exposure to vulnerabilities present in earlier versions.
  • Apply the new patch once it is available.

Reference:

For more in-depth information about the recommendations, please visit the following link:

https://www.helpnetsecurity.com/2024/12/10/cve-2024-50623-cleo-file-transfer-software-vulnerabilities-exploited/

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.


Share This:
Stacey Landrum

Posted by Stacey Landrum

Stacey is a Cybersecurity Analyst at Barracuda. She's a security expert, working on our Blue Team within our Security Operations Center. Stacey supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.

All Posts

Leave a reply

Your email address will not be published. Required fields are marked *