Category Archives: Advisories

Cleo Multiple Products Unrestricted File Upload Vulnerability (CVE-2024-50623)

Read Time:1 Minute, 9 Second

What is the Vulnerability?An unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution, affecting multiple Cleo products is being actively exploited in the wild. The vulnerability affects the following Cleo products (versions before and including 5.8.0.21)-Cleo Harmony -Cleo VLTrader -Cleo LexiCom Cleo is a software company focused on Managed File Transfer (MFT) solutions. Its products-Cleo VLTrader, Cleo Harmony, and Cleo LexiCom facilitates secure file transfers, B2B integration, and streamlines data exchange and integration.On December 13, 2024, CISA confirmed that the CVE-2024-50623, is being actively exploited, including in Ransomware campaigns and has been added to the Known Exploited Vulnerabilities (KEV) catalog.What is the recommended Mitigation?FortiGuard Labs strongly advises all Cleo customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch as released and follow: Cleo Product Security Advisory – CVE-2024-50623 – CleoWhat FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor and follow instructions as mentioned on the vendor’s advisory. FortiGuard Web Filtering service blocks all the known Indicators of Compromise (IoCs) related to the campaigns targeting the Cleo Vulnerability. FortiGuard IPS protection coverage is under review, and this report will be updated as new coverage becomes available.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More

USN-7161-1: Docker vulnerabilities

Read Time:27 Second

Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed in
Ubuntu 24.04 LTS. (CVE-2024-29018)

Cory Snider discovered that Docker did not properly handle authorization
plugin request processing. An attacker could possibly use this issue to
bypass authorization controls by forwarding API requests without their
full body, leading to unauthorized actions. (CVE-2024-41110)

Read More