Press ESC to close

Cleo Harmony, VLTrader, and LexiCom – RCE via Arbitrary File Write (CVE-2024-50623)

Attribute Details
Threat Actors Ransomware operators
Campaign Overview Exploitation of CVE-2024-50623 in Cleo MFT software by threat actors
Target Regions (Or Victims) Large enterprises using Cleo Harmony®, VLTrader®, LexiCom®
Methodology Arbitrary File Read/Write exploitation via the /Synchronization endpoint
Product Targeted Cleo Harmony® (up to v5.8.0.21), Cleo VLTrader® (up to v5.8.0.21), Cleo LexiCom® (up to v5.8.0.21)
Malware Reference Huntress video showcasing RCE and Arbitrary File Write exploits
Tools Used Java decompiler, patch diffing tools, HTTP commands
Vulnerabilities Exploited CVE-2024-50623 (Arbitrary File Read/Write, RCE)
TTPs Arbitrary File Read, Arbitrary File Write, Path Traversal
Attribution Huntress observed threat actors exploiting the vulnerability
Recommendations Apply security patches, disable autoruns feature to limit attack surface
Source Watch Towr Labs

Read full article: https://labs.watchtowr.com/cleo-cve-2024-50623/

The above summary has been generated by an AI language model

Source: watchTowr Labs

Published on: December 11, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me A Coffee
Thank you for visiting. You can now buy me a coffee!