Users of Cleo managed file transfer software are being warned to secure their systems against a critical vulnerability that is currently being exploited in the wild. Huntress, a cybersecurity firm, reported evidence of widespread exploitation of this flaw, tracked as CVE-2024-50623 and originally discovered on December 3, 2024. The vulnerability affects Cleo's LexiCom, VLTransfer, and Harmony products and allows unauthenticated remote code execution because the software accepts unrestricted file uploads.
Cleo acknowledged the issue, which affects its more than 4,200 clients worldwide. The firm also issued a further advisory on a related vulnerability that could likewise result in remote code execution.
Despite recent patches, cybersecurity analysis suggests these fixes do not fully close the underlying weakness. The flaw lets attackers execute arbitrary code by placing specially crafted files into the "autorun" sub-directory of the software installation directory. Recent attacks have led to the compromise of at least ten businesses, reportedly in sectors including consumer products, logistics, and food supply.
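Because the attack path described above relies on unexpected files appearing in the "autorun" sub-directory, one defensive check is to baseline that directory and alert on any added or modified file. The following is an added example written for this article, not code from Cleo or Huntress; the installation path is a placeholder, and the sample files in the demo are constructed.

```python
"""Baseline-and-diff check for a Cleo 'autorun' sub-directory (added example)."""
import hashlib
import json
from pathlib import Path


def snapshot_autorun(install_dir: str) -> dict[str, str]:
    """Return {relative_path: sha256} for every file under <install_dir>/autorun."""
    autorun = Path(install_dir) / "autorun"
    result: dict[str, str] = {}
    if not autorun.is_dir():
        return result
    for path in sorted(autorun.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[str(path.relative_to(autorun))] = digest
    return result


def diff_autorun(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify files as added, modified or removed relative to a known-good baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "modified": modified, "removed": removed}


def review_install(install_dir: str, baseline_path: str) -> dict[str, list[str]]:
    """Compare the live autorun directory against a saved JSON baseline (empty if none)."""
    bp = Path(baseline_path)
    baseline = json.loads(bp.read_text()) if bp.exists() else {}
    return diff_autorun(baseline, snapshot_autorun(install_dir))


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed demo: a known-good autorun directory, then one unexpected drop.
        autorun = Path(tmp) / "autorun"
        autorun.mkdir()
        (autorun / "expected.xml").write_text("<config/>")
        known_good = snapshot_autorun(tmp)
        (autorun / "dropped.bin").write_bytes(b"constructed sample content")
        print(diff_autorun(known_good, snapshot_autorun(tmp)))
        # In production, point review_install() at the real Cleo install path
        # (placeholder: /opt/cleo/PLACEHOLDER) and a baseline saved at deploy time.
```

Any entry under "added" or "modified" in the report is a candidate for incident triage, since legitimate changes to this directory should be rare and accounted for by change control.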
Exploitation appears to have intensified on December 8, 2024. Ransomware groups, particularly Cl0p, have a history of targeting file transfer tools, which is why industry experts stress the urgent need for organizations to secure their installations and apply the latest security updates.
Kevin Beaumont, a noted security researcher, said that operators of the Termite ransomware group may already be using a zero-day exploit for the Cleo software. Huntress and Rapid7 both confirmed that the vulnerability has been successfully exploited against client environments.
As the landscape of cyber threats evolves, this incident highlights the critical importance of maintaining secure software practices and remaining vigilant against emerging vulnerabilities.