
Cleo Software Actively Being Exploited in the Wild

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A critical vulnerability in Cleo's LexiCom, VLTransfer, and Harmony software, used for file transfer management, is being actively exploited. The flaw allows unauthenticated remote code execution, affecting all versions up to and including 5.8.0.21. Attackers are exploiting this vulnerability to drop malicious files, execute PowerShell commands, and gain persistence on affected systems. The attack chain involves placing files in the 'autorun' directory and leveraging the software's import functionality. Post-exploitation activities include domain reconnaissance and potential Active Directory enumeration. Multiple businesses, particularly in consumer products, food industry, trucking, and shipping sectors, have been compromised. Huntress researchers have developed a proof-of-concept and are working with Cleo to address the issue.

OPENCTI LABELS:

exploitation, remote code execution, vulnerability, cleo, file transfer software, lexicom, vltransfer, harmony, cve-2024-50623

