Critical Advisory: Cleo Software Security Vulnerability and Recommended Mitigations

Your Business Solutions is issuing a warning about a critical Cleo software security vulnerability (CVE-2024-50623) that impacts the following products:

  • Cleo Harmony® (versions prior to 5.8.0.23)
  • Cleo VLTrader® (versions prior to 5.8.0.23)
  • Cleo LexiCom® (versions prior to 5.8.0.23)

While Cleo has released a patch for this issue, the patch is currently incomplete and may allow attackers to bypass it. This leaves systems vulnerable to unauthorized remote code execution.

Understanding the Threat

This vulnerability enables attackers to exploit the default settings of the Autorun directory to execute arbitrary commands on the affected system.

Details of Exploitation:
  • Malicious files can be placed in the /[cleo product]/temp directory.
  • These files can then be triggered using commands in the /autorun directory.
  • Exploited systems may establish reverse shell connections to untrusted IP addresses, compromising the security of Cleo Harmony®, VLTrader®, or LexiCom® servers.

Organizations using these Cleo products must act promptly to minimize the risk of exploitation.

Recommended Actions

To mitigate the risks associated with this Cleo software security vulnerability, Your Business Solutions strongly recommends implementing the following steps:

  • Disable the Autorun Directory: Temporarily disable this feature to block unauthorized scripts from executing.
  • Enable IP Allowlisting: Restrict access to only trusted IP addresses and limit communication to pre-approved clients, partners, and systems.
  • Restrict Protocols and Ports: Use Cleo’s built-in allowlisting tools to secure key network protocols and ports.
  • Block Public Internet Access: Prevent synchronization or data exchanges over public internet networks.
  • Implement File Integrity Monitoring: Monitor critical files for unauthorized changes and investigate any suspicious modifications promptly.
  • Review File Permissions: Regularly audit and limit file permissions to ensure only authorized users can make changes.
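
One way to apply the file integrity monitoring step to the two directories named above, as an added example (not code from Cleo or Your Business Solutions): it hashes every file under `autorun` and `temp` and reports what changed since a baseline. The install root is supplied by the caller; the demo uses a constructed temporary directory and constructed file names.

```python
import hashlib
import os
import tempfile

# Directories named in the advisory, relative to the product install root.
WATCHED = ("autorun", "temp")

def snapshot(install_root, watched=WATCHED):
    """Map relative path -> SHA-256 for every file under the watched dirs."""
    state = {}
    for sub in watched:
        base = os.path.join(install_root, sub)
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                full = os.path.join(dirpath, name)
                try:
                    with open(full, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                except OSError:
                    # File vanished or is unreadable between listing and read;
                    # record a marker so it still surfaces as a change.
                    digest = "unreadable"
                state[os.path.relpath(full, install_root)] = digest
    return state

def compare(baseline, current):
    """Return sorted lists of added, modified and removed paths."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    return {"added": added, "modified": modified, "removed": removed}

def demo():
    """Constructed layout standing in for an install root (not a real path)."""
    with tempfile.TemporaryDirectory() as root:
        for sub in WATCHED:
            os.makedirs(os.path.join(root, sub))
        known = os.path.join(root, "temp", "transfer.tmp")
        with open(known, "w") as fh:
            fh.write("known content")
        baseline = snapshot(root)
        # Simulate unauthorized changes: a new file in autorun, an edit in temp.
        with open(os.path.join(root, "autorun", "unexpected.txt"), "w") as fh:
            fh.write("constructed sample")
        with open(known, "a") as fh:
            fh.write(" changed")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the monitored service account cannot write, and treat any entry under `added` for `autorun` as something to investigate.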

We’re Here to Help

At Your Business Solutions, we specialize in cybersecurity in The Woodlands. As a Texas-based IT Managed Service Provider (MSP), we are dedicated to protecting businesses from cyber threats and ensuring their IT infrastructure is secure and optimized.

If you need assistance implementing these mitigation measures or have concerns about your organization’s security posture, our team of experts is ready to help. Contact us today for personalized support and guidance in safeguarding your systems against this Cleo software security vulnerability and other potential risks. Together, we’ll ensure your operations remain secure and resilient.
