Decrypt LOL


Critical Vulnerability CVE-2024-55956 Found in Cleo Products


📂✨ New Critical Vulnerability Discovered in Cleo File Transfer Products. On December 9, 2024, security firms reported active exploitation of vulnerabilities in Cleo's file transfer products, specifically LexiCom, VLTrader, and Harmony. The activity was initially linked to CVE-2024-50623, a vulnerability patched in October 2024, but a new critical vulnerability, CVE-2024-55956, was identified on December 10. This flaw allows unauthenticated users to execute arbitrary commands on the host system by exploiting default settings. Rapid7 and Huntress noted exploitation attempts as early as December 3, and Cleo released a patch on December 11 to address the issue. The vulnerability highlights the risks associated with unrestricted file uploads and the need for timely updates to mitigate such threats.
