Description

Cleo Harmony, VLTrader, and LexiCom contain arbitrary file read/write vulnerabilities that leads to remote code execution. Successful exploitation of the vulnerability can result in takeover of the server.

Remediation

Upgrade to the latest version of Cleo software

References

Cleo Product Security Update - CVE-2024-55956

Cleo Product Security Advisory - CVE-2024-50623

Cleo Harmony, VLTrader, and LexiCom - RCE via Arbitrary File Write (CVE-2024-50623)

Technical Analysis CVE-2024-55956

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3742)

MySQL CVE-2019-2614 Vulnerability (CVE-2019-2614)

MySQL CVE-2022-21351 Vulnerability (CVE-2022-21351)

Lighttpd Resource Management Errors Vulnerability (CVE-2008-4298)

Oracle JRE CVE-2013-2434 Vulnerability (CVE-2013-2434)

Severity

Critical

Classification

CVE-2024-50623 CVE-2024-55956 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Arbitrary File Read Arbitrary File Write Known Vulnerabilities