Urgent Alert: Cleo File Transfer Vulnerability Under Attack
Cleo Software Vulnerability: Cybersecurity Alert for Users to Secure Systems
Cleo-managed file transfer software users are being urged to take immediate action to protect their systems from a serious vulnerability that has been exploited en masse. Cybersecurity experts from Huntress reported on December 3, 2024, that threat actors are actively targeting Cleo’s LexiCom, VLTransfer, and Harmony software, which are susceptible to unauthenticated remote code execution. This alarming situation highlights the importance of ensuring that your Cleo software is not exposed to the internet.
The vulnerability, tracked as CVE-2024-50623, arises from an unrestricted file upload flaw that allows attackers to execute arbitrary code. Cleo has over 4,200 clients globally and has recently issued advisories regarding this security issue, emphasizing the need for users to assess their software configurations.
Key Details About the Cleo Vulnerability
-
Affected Software Versions:
- Cleo Harmony (up to version 5.8.0.23)
- Cleo VLTrader (up to version 5.8.0.23)
- Cleo LexiCom (up to version 5.8.0.23)
- Nature of the Attack:
- Recent attacks have demonstrated that the vulnerability can be exploited to drop multiple malicious files, including an XML file designed to execute embedded PowerShell commands. This leads to the retrieval of a Java Archive (JAR) file from a remote server.
- The attacks utilize the "autorun" sub-directory within the installation folder, allowing the malicious files to be read and executed by the vulnerable software.
Rising Exploitation Incidents
At least ten organizations, including consumer product companies, logistics firms, and food suppliers, have reportedly had their Cleo servers compromised. A significant increase in exploitation attempts was noted on December 8, 2024, around 7 a.m. UTC, with evidence indicating that the first exploitation occurred on December 3.
Recommendations for Cleo Users
To protect against potential attacks, Cleo users should:
- Ensure that all software is updated to the latest versions.
- Review their security settings to limit internet exposure.
- Monitor for any unusual activities within their systems.
The Threat Landscape
Although Cleo has released patches for CVE-2024-50623, Huntress has cautioned that these patches may not completely resolve the underlying vulnerabilities. Additionally, recent reports suggest that ransomware groups, including Cl0p and the Termite group, may have developed zero-day exploits targeting Cleo’s software, heightening the urgency for users to take proactive measures.
For more information on the Cleo vulnerability and to stay updated on cybersecurity best practices, consider visiting CVE Details and Huntress Labs.
Stay Informed and Secure
If you found this article informative, we invite you to share your thoughts in the comments below. For more in-depth articles on cybersecurity and software protection, follow us on Twitter and LinkedIn for the latest updates.