SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2024-50623

CVE-2024-50623: Cleo Harmony File Upload RCE Vulnerability

CVE-2024-50623 is an unrestricted file upload vulnerability in Cleo Harmony, VLTrader, and LexiCom that enables remote code execution. This article covers the technical details, affected versions, security impact, and mitigation steps.

Updated:

CVE-2024-50623 Overview

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

Critical Impact

This vulnerability allows remote attackers to execute arbitrary code on the affected systems without authentication, potentially leading to full system compromise.

Affected Products

  • Cleo Harmony
  • Cleo LexiCom
  • Cleo VLTrader

Discovery Timeline

  • Not Available - Vulnerability discovered by Not Available
  • Not Available - Responsible disclosure to Cleo
  • Not Available - CVE CVE-2024-50623 assigned
  • Not Available - Cleo releases security patch
  • 2024-10-28 - CVE CVE-2024-50623 published to NVD
  • 2025-11-05 - Last updated in NVD database

Technical Details for CVE-2024-50623

Vulnerability Analysis

The issue exists due to an unrestricted file upload and download mechanism. This allows attackers to upload malicious files and execute arbitrary commands remotely. The vulnerability is trivially exploitable, making it highly critical.

Root Cause

The root cause is a lack of proper input validation and permission checks during file handling operations, leading to unauthorized access and execution capabilities.

Attack Vector

The attack can be carried out remotely over the network, targeting the affected components to exploit file handling mechanisms.

python
# Example exploitation code (sanitized)
import requests

url = "http://victim-system/upload"
files = {'file': open('malicious_payload', 'rb')}
response = requests.post(url, files=files)

print(response.status_code)

Detection Methods for CVE-2024-50623

Indicators of Compromise

  • Unexpected files in upload directories
  • Logs showing large file uploads
  • Unauthorized command execution logs

Detection Strategies

Network monitoring should be employed to detect patterns of anomalous file uploads and downloads, especially from untrusted sources. Monitoring tools should focus on unusual behavior in file system access and changes.

Monitoring Recommendations

Set up alerts for unusual file uploads and changes in file permissions. Use endpoint detection solutions to monitor process creation linked to network trigger files.

How to Mitigate CVE-2024-50623

Immediate Actions Required

  • Apply security patches provided by Cleo
  • Restrict file upload permissions to trusted sources only
  • Implement stricter input validation and file inspection

Patch Information

Patches have been released by Cleo and can be found in their security advisory.

Workarounds

Disable file upload features if not necessary. Consider deploying an intrusion prevention system configured to block malicious file patterns.

bash
# Configuration example
chmod -R go-w /path/to/upload/directory
find /path/to/upload -type f -name '*.php' -exec rm -rf {} \;

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne