Cleo Multiple File Transfer Vulnerabilities

What is the Vulnerability?

Two critical flaws, CVE-2024-50623 and CVE-2024-55956, allow an unauthenticated attacker to upload and download arbitrary files on a Cleo MFT host, leading to Remote Code Execution. CVE-2024-55956 was assigned after the initial fix for CVE-2024-50623 (shipped in 5.8.0.21) was found to be bypassable. Multiple Cleo products are affected, and both flaws are being actively exploited in the wild.

The vulnerabilities affect the following Cleo products (versions up to and including 5.8.0.21):
- Cleo Harmony
- Cleo VLTrader
- Cleo LexiCom

Cleo is a software company focused on Managed File Transfer (MFT) solutions. Its products, Cleo Harmony, Cleo VLTrader, and Cleo LexiCom, provide secure file transfer and B2B integration and streamline data exchange between trading partners.

On December 13, 2024, CISA confirmed that CVE-2024-50623 is being actively exploited, including in ransomware campaigns, and added it to the Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-55956 was added to the KEV catalog on December 17, 2024.

What is the recommended Mitigation?

FortiGuard Labs strongly advises all Cleo customers to immediately upgrade their Harmony, VLTrader, and LexiCom instances to the latest released patch and to follow the vendor advisories: Cleo Product Security Advisory - CVE-2024-50623 – Cleo | Cleo Product Security Update - CVE-2024-55956 – Cleo. Because the first patch (5.8.0.21) did not fully close the issue, confirm that each instance is on a version newer than 5.8.0.21 rather than assuming an earlier upgrade is sufficient. Where patching cannot happen immediately, Cleo's advisories describe disabling the Autorun feature as an interim mitigation; this reduces exposure but is not a substitute for the patch.
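The following is an added inventory check, not code from Cleo or FortiGuard, that flags instances still inside the affected range stated above (versions up to and including 5.8.0.21). It compares versions numerically rather than as strings, since a string comparison would wrongly rank "5.8.0.9" above "5.8.0.21". The hostnames and versions in the sample inventory are constructed for illustration.

```python
"""Triage a Cleo MFT inventory against the affected-version range in the advisory.

Added example (not vendor code). Assumes an inventory of
(hostname, product, version) tuples gathered by whatever asset system you use.
"""

# Highest version the advisory lists as affected (the range is "up to and including").
LAST_AFFECTED = "5.8.0.21"
AFFECTED_PRODUCTS = {"Harmony", "VLTrader", "LexiCom"}


def parse_version(version: str) -> tuple[int, ...]:
    """Convert '5.8.0.21' into (5, 8, 0, 21) so comparisons are numeric.

    Raises ValueError on anything that is not a dotted run of integers, so a
    malformed record is surfaced instead of silently treated as patched.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """True when the product is one of the three listed and version <= 5.8.0.21.

    Tuple comparison handles differing lengths: (5, 8) sorts below (5, 8, 0, 21),
    so a truncated version string is treated as older, i.e. still affected.
    """
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def triage(inventory):
    """Return the (hostname, product, version) records that still need the vendor patch."""
    return [rec for rec in inventory if is_affected(rec[1], rec[2])]


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("mft-01.example.internal", "Harmony", "5.8.0.21"),   # on the first, incomplete fix
    ("mft-02.example.internal", "VLTrader", "5.7.0.9"),   # older than the range ceiling
    ("mft-03.example.internal", "LexiCom", "5.8.0.24"),   # above the affected range
    ("edi-gw.example.internal", "OtherProduct", "1.0"),   # not a listed product
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"PATCH NEEDED: {host} {product} {version}")
```

Anything the script flags should be upgraded per the vendor advisories; a version above 5.8.0.21 should still be confirmed against Cleo's current fixed-version statement before it is treated as closed.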

What FortiGuard Coverage is available?

  • FortiGuard recommends that users apply the fix provided by the vendor and follow the instructions in the vendor's advisories.

  • FortiGuard Endpoint Vulnerability Protection service is available to detect vulnerable systems. Endpoint Vulnerability | FortiGuard Labs

  • FortiGuard Web Filtering service blocks all known Indicators of Compromise (IoCs) related to the campaigns targeting the Cleo vulnerabilities.

  • FortiGuard IPS Protection is available to detect and block attack attempts targeting the Cleo vulnerabilities (CVE-2024-50623, CVE-2024-55956). See more at: Intrusion Prevention | FortiGuard Labs

  • The FortiGuard Incident Response team can be engaged to help with any suspected compromise.