WARNING: CRITICAL VULNERABILITY IN CLEO PRODUCTS HARMONY, VLTRADER AND LEXICOM, PATCH IMMEDIATELY!
Reference:
Advisory #2024-293
Version:
1.0
Affected software:
Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24
Type:
CWE-276: Incorrect Default Permissions
CVE/CVSS:
CVE-2024-55956: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date:
18/12/2024
Sources
https://nvd.nist.gov/vuln/detail/CVE-2024-55956
Risks
Cleo is a global provider of enterprise integration solutions that help businesses optimize data flows, communication, and B2B (business-to-business) transactions. The Cl0p ransomware group has recently claimed responsibility for exploiting vulnerabilities in Cleo products, including CVE-2024-50623. On December 13, 2024, Cleo released a security update addressing a further critical vulnerability, CVE-2024-55956, affecting Harmony, VLTrader, and LexiCom versions prior to 5.8.0.24.
Given the high impact on confidentiality, integrity, and availability, and the involvement of the Cl0p ransomware group, customers are urged to prioritize patching after thorough testing.
Description
This critical vulnerability affects Cleo Harmony, VLTrader, and LexiCom versions prior to 5.8.0.24. It allows an unauthenticated attacker to import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory, which the product processes without requiring authentication in its default configuration. The root cause is incorrect default permissions (CWE-276); the issue is fixed in version 5.8.0.24 and later.
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organisations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. CVE-2024-55956 is patched in versions 5.8.0.24 and later.
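The two checks a defender will want from the description and the Monitor/Detect guidance above are a correct "am I below 5.8.0.24?" comparison and a look at what has recently landed in the Autorun directory. The script below is an added example written for this advisory; it is not CCB or Cleo tooling. The Autorun path, the product's version-string format and the 30-day window are assumptions to adjust to your own installation; the version comparison is numeric so that 5.8.0.3 is correctly ranked below 5.8.0.24, which a plain string comparison gets wrong.

```python
"""
Added example (not part of the CCB advisory or of Cleo's own tooling).

Two checks for a Cleo Harmony / VLTrader / LexiCom host:
1. is_affected(): compare an installed version with the fixed release 5.8.0.24
   component by component (string comparison would rank "5.8.0.3" above "5.8.0.24").
2. scan_autorun(): list files in the Autorun directory touched after a chosen time,
   since the vulnerability is abused by getting files into that directory.

The Autorun path and the version-string format are assumptions; confirm both on
the host before relying on the output.
"""
from __future__ import annotations

import re
import time
from pathlib import Path

FIXED_VERSION = "5.8.0.24"

# Assumed location of the Autorun directory; adjust to your install path.
DEFAULT_AUTORUN_DIR = Path("/opt/Cleo/Harmony/autorun")


def parse_version(text: str) -> tuple[int, ...]:
    """Extract a dotted numeric version (e.g. '5.8.0.24') and return it as ints."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed release.

    Shorter tuples are zero-padded so '5.8' compares as 5.8.0.0.
    """
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def scan_autorun(autorun_dir: Path, since_epoch: float) -> list[dict]:
    """Return files in the Autorun directory modified after `since_epoch`.

    Each finding records path, size and mtime (UTC) so it can be forwarded to a
    SIEM for review. An empty list means nothing recent is present, not that the
    host is clean: an attacker may have removed their files after execution.
    """
    findings: list[dict] = []
    if not autorun_dir.is_dir():
        return findings
    for entry in sorted(autorun_dir.iterdir()):
        if not entry.is_file():
            continue
        st = entry.stat()
        if st.st_mtime > since_epoch:
            findings.append({
                "path": str(entry),
                "size": st.st_size,
                "mtime": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(st.st_mtime)),
            })
    return findings


if __name__ == "__main__":
    # Constructed sample versions; replace with the value reported by your product.
    for v in ("5.8.0.21", "5.8.0.24", "5.8.0.25"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'patched'}")
    # Flag anything written to the Autorun directory in the last 30 days.
    for hit in scan_autorun(DEFAULT_AUTORUN_DIR, time.time() - 30 * 86400):
        print("review:", hit)
```

Run the version check against every Cleo product on the host, not only the one you think is exposed, since Harmony, VLTrader and LexiCom share the fixed version number. Treat every recent Autorun hit as a review item rather than an indicator on its own: legitimate operators also place files there, so compare against change records before escalating.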
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.