From 2c8956b19ed9aba6b6407e66aede318410aea249 Mon Sep 17 00:00:00 2001 From: Alwin Warringa Date: Thu, 12 Dec 2024 11:31:01 +0100 Subject: [PATCH 1/2] Create DIVD-2024-00052.md Eerste versie van de casefile --- _cases/2024/DIVD-2024-00052.md | 52 ++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 _cases/2024/DIVD-2024-00052.md diff --git a/_cases/2024/DIVD-2024-00052.md b/_cases/2024/DIVD-2024-00052.md new file mode 100644 index 00000000..a1d9aebc --- /dev/null +++ b/_cases/2024/DIVD-2024-00052.md @@ -0,0 +1,52 @@ +--- +layout: case +title: "Remote code execution in Cleo Harmony, VLCTrader and LexiCom" +author: Alwin Warringa +lead:Stan Plasmeijer +excerpt: "Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution" +researchers: +- Alwin Warringa +- Stan Plasmeijer +cves: +- CVE-2024-50623 +product: +- Cleo Harmony +- Cleo VLTrader +- Cleo LexiCom +versions: +- 5.8.0.24 and earlier +recommendation: "Upgrade to version 5.8.0.24 or later" +workaround: "none" +patch_status: Patch available +status : Open +start: 2024-12-10 +timeline: +- start: 2024-12-10 + end: + event: "DIVD starts researching the vulnerability." +- start: 2024-12-10 + end: + event: "DIVD finds fingerprint, preparing to scan." +- start: 2024-12-10 + end: + event: "Case opened and starting first scan." +--- + +## Summary +Cleo Harmony, VLCTrader and LexiCom versions below 5.8.0.24 are vulnerable for an remote code execution. A successful exploit of this vulnerability could allow an attacker to gain unauthorized access, with potential impacts to the confidentiality, integrity, and availability of the system. This vulnerability is exploitable without authentication. + +## Recommendations + +To remediate {% cve CVE-2024-50623 %} and a pending CVE, upgrade to version 5.8.0.24 or later. You can find a link to the Cleo bulletin at the bottom of this post. + +## What we are doing + +DIVD is currently working to identify parties that are running a vulnerable version of Cleo Harmony, VLCTrader or LexiCom and to notify these parties. + +{% include timeline.html %} + +## More information + +* {% cve CVE-2024-50623 %} +* [Cleo Security Bulletin](https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory-CVE-2024-50623) +* [Cleo Security Bulletin](https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Advisory-CVE-Pending) From 53fb817e94283ef99662189056386a747d03c49d Mon Sep 17 00:00:00 2001 From: Alwin Warringa Date: Thu, 12 Dec 2024 11:35:54 +0100 Subject: [PATCH 2/2] Update DIVD-2024-00052.md Fix typo --- _cases/2024/DIVD-2024-00052.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2024/DIVD-2024-00052.md b/_cases/2024/DIVD-2024-00052.md index a1d9aebc..54e3d215 100644 --- a/_cases/2024/DIVD-2024-00052.md +++ b/_cases/2024/DIVD-2024-00052.md @@ -2,7 +2,7 @@ layout: case title: "Remote code execution in Cleo Harmony, VLCTrader and LexiCom" author: Alwin Warringa -lead:Stan Plasmeijer +lead: Alwin Warringa excerpt: "Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution" researchers: - Alwin Warringa