CISA adds Cleo Vulnerability CVE-2024-50623 to KEV Catalog

The US CISA has added a Cleo vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog based on reported evidence of active exploitation.

Security vendor Huntress was the first to publicize the attacks, revealing that the remote code execution (RCE) vulnerability affects Cleo Harmony, VLTrader, and LexiCom products. This critical security flaw stems from an incomplete patch released by the vendor in October, which attackers managed to bypass.

It’s tracked as CVE-2024-50623 with a CVSS score of 8.7. The vulnerability allows malicious actors to inject Network Error Logging (NEL) headers in Kubernetes proxy responses, leading to the exfiltration of session data. By exploiting this flaw, attackers can potentially steal user session data and gain unauthorized access to accounts.

Huntress’s disclosure has brought attention to the urgency of addressing this vulnerability. Given the high severity of the issue and the ease with which the original patch was circumvented, it is crucial for organizations using Cleo Harmony, VLTrader, and LexiCom to take immediate action. Users are strongly advised to implement the latest security patches provided by the vendor to mitigate the risks associated with this flaw.

This incident underscores the importance of thorough and effective patch management. Incomplete patches can leave systems vulnerable to exploitation, highlighting the need for continuous monitoring and timely updates to ensure robust security.

CISA has set 3 January 2025 as the deadline for federal agencies to remediate the vulnerability.
