WARNING: CRITICAL VULNERABILITY IN CLEO PRODUCTS HARMONY, VLTRADER AND LEXICOM, PATCH IMMEDIATELY!

Published : 18/12/2024

Reference:
Advisory #2024-293

Version:
1.0

Affected software:
Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24

Type:
CWE-276: Incorrect Default Permissions

CVE/CVSS:
CVE-2024-55956: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://nvd.nist.gov/vuln/detail/CVE-2024-55956

Risks

Cleo is a global provider of enterprise integration solutions that help businesses optimize data flows, communication, and B2B (business-to-business) transactions. Recently, the Cl0p ransomware group claimed responsibility for the successful exploitation of vulnerabilities in Cleo products, including CVE-2024-50623. On December 13, 2024, Cleo released a security update addressing another critical vulnerability, CVE-2024-55956, affecting their Harmony, VLTrader, and LexiCom products before version 5.8.0.24.
 
Given the high impact on confidentiality, integrity, and availability, and the involvement of the Cl0p ransomware group, customers are urged to prioritize patching after thorough testing.

Description

This critical vulnerability affects Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24. It allows an unauthenticated attacker to import and execute arbitrary Bash or PowerShell commands on the host system by taking advantage of the default settings in the Autorun directory. This is due to incorrect default permissions (CWE-276) and should be fixed in versions 5.8.0.24 and later.

Recommended Actions

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. 
 
Monitor/Detect
 
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. CVE-2024-55956 is patched in versions 5.8.0.24 and later.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
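The two checks above, a version triage against the fixed release and a look at what has recently changed in the Autorun directory, can be scripted. The following is an added example written for this advisory; it is not code from Cleo or the CCB. It assumes an inventory of hosts with product and version strings, and the Autorun directory location is deployment-specific (the advisory does not state it), so the script takes it from a hypothetical `CLEO_AUTORUN_DIR` environment variable rather than hard-coding a path.

```python
"""Defender-side checks for CVE-2024-55956: flag Cleo Harmony/VLTrader/LexiCom
installs before 5.8.0.24 and list recently changed files in the Autorun
directory. Added example, not Cleo's or the CCB's code."""
import os
import re
import time

# From the advisory: CVE-2024-55956 is fixed in 5.8.0.24 and later.
FIXED_VERSION = (5, 8, 0, 24)
PRODUCTS = ("Harmony", "VLTrader", "LexiCom")


def parse_version(text):
    """Turn '5.8.0.21' (or 'Harmony 5.8.0.21 build 1') into a 4-tuple of ints,
    padding missing components with zeros so tuples compare element-wise."""
    nums = [int(p) for p in re.findall(r"\d+", text)[:4]]
    if not nums:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(nums + [0] * (4 - len(nums)))


def is_vulnerable(version_text):
    """True when the reported version is before 5.8.0.24."""
    return parse_version(version_text) < FIXED_VERSION


def triage(inventory):
    """inventory: {hostname: (product, version)} -> sorted hosts needing a patch.
    Products other than the three named in the advisory are ignored."""
    return sorted(
        host for host, (product, version) in inventory.items()
        if product in PRODUCTS and is_vulnerable(version)
    )


def recent_entries(entries, now, max_age_seconds=24 * 3600):
    """entries: iterable of (name, mtime_epoch). Return the names changed within
    max_age_seconds of `now`, newest first. Kept free of filesystem access so the
    selection logic can be tested on constructed data."""
    fresh = [(n, m) for n, m in entries if now - m <= max_age_seconds]
    return [n for n, _ in sorted(fresh, key=lambda e: e[1], reverse=True)]


def scan_autorun_dir(path, max_age_seconds=24 * 3600):
    """List files in the given Autorun directory changed within max_age_seconds.
    The path is deployment-specific and must be supplied by the operator."""
    with os.scandir(path) as it:
        entries = [(e.name, e.stat().st_mtime) for e in it if e.is_file()]
    return recent_entries(entries, time.time(), max_age_seconds)


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {
        "mft-01": ("Harmony", "5.8.0.21"),
        "mft-02": ("VLTrader", "5.8.0.24"),
        "mft-03": ("LexiCom", "5.7.0.9"),
        "edi-gw": ("OtherProduct", "1.0"),
    }
    for host in triage(sample):
        product, version = sample[host]
        print(f"{host}: {product} {version} needs upgrade to 5.8.0.24 or later")

    # Hypothetical environment variable used by this example only.
    autorun = os.environ.get("CLEO_AUTORUN_DIR")
    if autorun and os.path.isdir(autorun):
        for name in scan_autorun_dir(autorun):
            print(f"recently changed in Autorun directory: {name}")
```

Run it on each host (or feed it an exported inventory) and review any file the Autorun scan reports; a new or modified entry there that nobody deployed is worth treating as a potential indicator of the activity the advisory describes, and, as the advisory notes, patching alone does not resolve a compromise that already happened.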

References