CVE-2024-55956 Scanner

Cleo Harmony is a comprehensive integration platform primarily used for managed file transfers and data exchanges across various industries. It is designed to automate, secure, and streamline the transfer of files between disparate systems. The platform supports a range of file types and communication protocols, making it ideal for businesses that require secure file transfer and data management solutions. Cleo Harmony is widely adopted by companies needing high-performance, secure file-sharing capabilities in industries like finance, healthcare, and logistics. It provides advanced features for monitoring, reporting, and file processing. However, like any software, it can be prone to vulnerabilities if not kept up-to-date and properly configured.

The vulnerability identified in Cleo Harmony is an unrestricted file upload issue that can be exploited by unauthenticated users. This vulnerability is due to improper validation in the Autorun directory settings, allowing attackers to upload arbitrary files. Attackers can upload malicious scripts or executables, such as Bash or PowerShell commands, and execute them on the host system. Exploiting this vulnerability could lead to remote code execution and compromise the system. The issue is present in versions of Cleo Harmony prior to 5.8.0.24. This issue is categorized under file upload vulnerabilities and could be exploited through the default settings.

The issue occurs due to improper handling of the Autorun directory, which allows unauthenticated users to upload arbitrary files. The uploaded files can be Bash or PowerShell scripts that the attacker can execute remotely. The vulnerable endpoints are primarily associated with file synchronization processes where file paths are not sufficiently validated. This allows an attacker to inject malicious payloads into the system, potentially gaining full control over the machine. The vulnerability is made worse by the lack of authentication controls on these endpoints. An attacker simply needs access to the system’s synchronization feature, which does not require proper user authentication, to exploit this flaw.

If exploited, this vulnerability allows attackers to execute arbitrary commands on the host system. The execution of malicious Bash or PowerShell scripts can lead to a complete system compromise. Attackers could escalate their privileges, exfiltrate sensitive data, or install persistent malware. The lack of authentication means that any unauthenticated user with network access to the system can exploit this vulnerability. Moreover, since the vulnerable system may be connected to sensitive file transfer processes, the exploitation could have severe implications for the integrity of business operations and data security. The attacker may also gain unauthorized access to files, leading to further exploitation and unauthorized access to other network resources.

REFERENCES

• Rapid7 Analysis of CVE-2024-55956
• NVD CVE-2024-55956