Cleo Zero-Day File Transfer Vulnerabilities Exploited in the Wild
Red | Vulnerability Report
Download PDFCritical zero-day vulnerabilities, CVE-2024-50623 and CVE-2024-55956, have been identified in Cleo’s file transfer products: Harmony, VLTrader, and LexiCom. These flaws are currently being actively exploited by threat actors, enabling unrestricted file uploads and downloads, which can be leveraged to achieve remote code execution (RCE). The vulnerabilities pose a significant risk to organizations relying on these tools for secure file transfers. The Cl0p ransomware gang is found exploiting these flaws in the wild.
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox