For the last few days we have been scanning & sharing IPs of Cleo Harmony/VLTrader/LexiCom file transfer instances vulnerable to CVE-2024-50623/CVE-2024-55956. These RCE vulnerabilities are being exploited in the wild.
We see around 930 vulnerable instances in our daily scans, the majority in the US.
IP data shared in our Vulnerable HTTP Report: https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/
Make sure to also review for compromise if you receive a report from us!
Dashboard tracker: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2024-12632%2B&tag=cve-2024-50623%2B&dataset=unique_ips&limit=1000&group_by=tag&style=overlap
Map:
https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2024-12-14&source=http_vulnerable&source=http_vulnerable6&tag=cve-2024-12632%2B&tag=cve-2024-50623%2B&geo=all&data_set=count&scale=log
Patch to version 5.8.0.24:
https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956
(note we currently tag cve-2024-55956 as cve-2024-12632. cve-2024-12632 is now rejected as a duplicate of cve-2024-55956. We will replace it with cve-2024-55956 in future scans)
=> More information about this toot | More toots from shadowserver@infosec.exchange