What is CVE-2024-50623?

CVE-2024-50623 is a vulnerability in N/a, classified under Unrestricted Upload of File with Dangerous Type. Published 2024-10-27.

Is CVE-2024-50623 known to be exploited?

Yes. CVE-2024-50623 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-12-13), indicating it is being actively exploited. 14 public proof-of-concept repositories are indexed.

Arbitrary file upload in N/a

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

Vulnerability class: Unrestricted File Upload

EPSS: 0.940 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2024-12-13. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2025-01-03.

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known ransomware campaign use: yes.

Public proof-of-concept exploits

References

support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory

Frequently asked questions

What is CVE-2024-50623?: CVE-2024-50623 is a vulnerability in N/a, classified under Unrestricted Upload of File with Dangerous Type. Published 2024-10-27.
Is CVE-2024-50623 known to be exploited?: Yes. CVE-2024-50623 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-12-13), indicating it is being actively exploited. 14 public proof-of-concept repositories are indexed.