CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jan 3, 2025
High
CISA KEVRansomwareCVE-2024-50623
Cleo—Multiple Products
Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.
Required Action
https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update ; https://nvd.nist.gov/vuln/detail/CVE-2024-50623
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- Dec 13, 2024
- KEV Added
- Dec 13, 2024
- Due Date
- Jan 3, 2025
- Related Articles
- 0
Vendor
Cleo
Multiple Products