Cleo Product Security Advisory

When a cyber threat strikes, your defenses are all that stand between a breach and business as usual. Recently, a critical vulnerability—CVE-2024-50623—was identified in Cleo’s suite of products, presenting a significant risk of remote code execution. Thanks to the quick actions of our Security Operations Center (SOC) team and the custom detection rules we’ve developed; a client’s infrastructure was spared from what could have been a devastating attack. Here’s what happened and what you need to know to protect your business.

The Vulnerability Explained

The CVE-2024-50623 vulnerability is an unrestricted file upload and download flaw that affects the following Cleo products:

  • Cleo Harmony® (versions prior to 5.8.0.21)
  • Cleo VLTrader® (versions prior to 5.8.0.21)
  • Cleo LexiCom® (versions prior to 5.8.0.21)

If exploited, this vulnerability could allow attackers to execute malicious code remotely, potentially compromising sensitive data, disrupting operations, and impacting organizational trust.

How the Threat Was Stopped

Our SOC team identified suspicious activity involving Cleo LexiCom (version 5.3) at a client site. The process javaw.exe in LexiCom’s directory attempted to launch a Base64-encoded PowerShell script. This activity was flagged by our custom detection rules, designed to spot anomalies and high-risk behaviors in real time.

Upon detection, our team acted swiftly to:

  1. Isolate the threat: The malicious process was terminated, preventing further execution.
  2. Restore operations: The server was restored the same day, with the vulnerability patched using Cleo’s recommended updates.
  3. Educate and recommend: The client was briefed on the incident, and proactive measures were suggested to bolster security.

What Businesses Can Learn

This incident underscores the importance of proactive security measures and having a robust SOC in place. Here’s what you can do to stay protected:

  • Update Software Regularly: Ensure that all systems, including third-party tools, are running the latest versions with security patches applied.
  • Enable Advanced Monitoring: Use custom detection rules tailored to your business environment to catch hidden threats.
  • Train Your Team: Make sure your employees understand the basics of cybersecurity hygiene and recognize red flags.

Why Choose Reboot, Inc. for Cybersecurity?

At Reboot, we specialize in maximizing ROI while minimizing risk in IT investments. Our expertise goes beyond standard security measures, leveraging custom scripts, real-time monitoring, and deep knowledge of industry vulnerabilities to protect your assets. This Cleo vulnerability incident is just one example of how we help clients prevent threats before they become crises.

Protect your business today. Contact us to discuss how we can safeguard your IT environment against evolving threats.

Would you like to learn more about this incident or discuss your security needs? Reach out to us now!