CVE-2024-50623

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload and download files without restrictions in Cleo's Harmony, VLTrader, and LexiCom products, potentially leading to remote code execution (RCE). It affects users running versions before 5.8.0.21 of these software applications, putting their systems at risk of compromise.

💻 Affected Systems

Products:
  • Cleo Harmony
  • Cleo VLTrader
  • Cleo LexiCom
Versions: Versions before 5.8.0.21
Operating Systems: Not specified; likely cross-platform as per product documentation
Default Config Vulnerable: ⚠️ Yes
Notes: All installations running affected versions are vulnerable unless patched or workarounds are applied.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via remote code execution, enabling data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case: Attackers gain unauthorized access to sensitive files or execute malicious code, leading to data breaches or service disruption.

🟢 If Mitigated: Limited impact if file uploads are restricted or monitored, but risk remains if unpatched.

🌐 Internet-Facing: HIGH, as the vulnerability can be exploited remotely without authentication, making internet-exposed systems prime targets.
🏢 Internal Only: MEDIUM, as internal attackers or compromised devices could exploit it, but network segmentation may reduce exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY, given the high CVSS score and inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW, as it involves unrestricted file uploads, a common attack vector.

Exploitation is straightforward, allowing attackers to upload malicious files and execute code remotely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.0.21

Vendor Advisory: https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory

Restart Required: Yes

Instructions:

1. Download the patch from Cleo's official support portal.
2. Back up the current configuration and data.
3. Apply the update to all affected products.
4. Restart the services to ensure the changes take effect.

🔧 Temporary Workarounds

Restrict File Uploads via Web Server

all

Configure the web server to block or limit file uploads to specific types and sizes.

# Example for Apache: Set 'LimitRequestBody' in httpd.conf
# Example for Nginx: Use 'client_max_body_size' and 'location' directives

Implement Network Segmentation

all

Isolate affected systems from the internet and restrict internal access to minimize attack surface.

# Use firewall rules to block unnecessary inbound/outbound traffic
# Example: iptables -A INPUT -p tcp --dport [port] -j DROP

🧯 If You Can't Patch

  • Disable or block internet access to the affected applications to prevent remote exploitation.
  • Monitor file upload activities and logs for suspicious behavior, and implement strict access controls.

🔍 How to Verify

Check if Vulnerable:

Check the product version in the application's admin interface or configuration files; if it's below 5.8.0.21, it is vulnerable.

Check Version:

# Command varies by product; typically found in admin panel or via 'cat /path/to/version.txt' on Linux systems.

Verify Fix Applied:

After patching, confirm the version is 5.8.0.21 or higher and test file upload functionality to ensure restrictions are in place.
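The version check above is easy to get wrong when done by hand or with a string comparison, because "5.8.0.9" sorts after "5.8.0.21" lexically even though it is older. The following script is an added example (not Cleo's tooling) that compares dotted numeric versions component by component against the 5.8.0.21 fix; it assumes the version string reported by the product uses that dotted format, and the host inventory it runs over is constructed.

```python
import re

PATCHED_VERSION = "5.8.0.21"  # fixed release named in the advisory


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '5.8.0.21' into (5, 8, 0, 21).
    An optional leading 'v' and any trailing build tag (e.g. '-rc1') are
    dropped (assumption: tags do not change the ordering); a string with no
    numeric components is rejected rather than silently treated as patched."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def compare_versions(a: str, b: str) -> int:
    """Classic comparator: -1 if a < b, 0 if equal, 1 if a > b.
    Shorter versions are zero-padded so '5.8' compares equal to '5.8.0.0'."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_vulnerable(version: str, fixed: str = PATCHED_VERSION) -> bool:
    """True when the installed version is numerically older than the fix."""
    return compare_versions(version, fixed) < 0


# Constructed inventory for demonstration (hypothetical host names).
SAMPLE_INVENTORY = {
    "harmony-01": "5.8.0.21",
    "vltrader-02": "5.8.0.9",   # lexically > '5.8.0.21', numerically older
    "lexicom-03": "5.7.0.0",
    "harmony-04": "5.8.0.24",
}


def vulnerable_hosts(inventory: dict[str, str]) -> list[str]:
    """Sorted names of hosts whose version is below the fixed release."""
    return sorted(h for h, v in inventory.items() if is_vulnerable(v))


if __name__ == "__main__":
    for host in vulnerable_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} < {PATCHED_VERSION}, patch required")
```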

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to application directories
  • Errors or warnings related to file handling in application logs

Network Indicators:

  • Suspicious HTTP POST requests with file uploads to vulnerable endpoints
  • Unexpected outbound connections from the application server

SIEM Query:

Example: 'source="app_logs" AND (event="file_upload" OR event="execution") AND severity="high"'
