virus logo Intrusion Prevention

Cleo.File.Transfer.Software.Unrestricted.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Unrestricted File Upload Vulnerability in Cleo File Transfer Software.
This vulnerability is due to improper input validation when uploading files. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability can result in remote code execution.

affected-products-logoAffected Products

Cleo Harmony (prior to version 5.8.0.21)
Cleo VLTrader (prior to version 5.8.0.21)
Cleo LexiCom (prior to version 5.8.0.21)

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory-CVE-2024-50623

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-12-30 29.928
Modified
 Default_action:pass:drop
2024-12-19 29.924
Modified
 Sig Added
2024-12-18 29.923
New
ID 57006
Created Dec 16, 2024
Updated Dec 27, 2024
CVE ID
Tags Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 94.01%
Default Action drop
Active
Affected OS Windows
Affected App Other
Profile Type Permission/Privilege/Access Control