Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)
2024-12-10 13:24

Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCom, VLTrader, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on Monday. “We’ve discovered at least 10 businesses whose Cleo servers were compromised with a notable uptick in exploitation observed on December 8 around 07:00 UTC. After some initial analysis, however, we have found evidence of exploitation as early as December 3,” they shared, and noted that there …

The post Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/12/10/cve-2024-50623-cleo-file-transfer-software-vulnerabilities-exploited/

Related Vulnerability

DATE: 2024-10-28
CVE: CVE-2024-50623
VULNERABILITY TITLE: Unrestricted Upload of File with Dangerous Type vulnerability in Cleo Harmony, LexiCom and VLTrader
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
RISK: critical, 9.8 (network, low complexity)
cleo CWE-434