New Cleo zero-day RCE flaw exploited in data theft attacks

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

A critical zero-day vulnerability in Cleo's managed file transfer software is being actively exploited by hackers to breach corporate networks and steal data. The flaw affects the Cleo LexiCom, VLTrader, and Harmony products and allows unrestricted file uploads and downloads, leading to remote code execution. It bypasses a previous fix for CVE-2024-50623. Exploitation began on December 3, 2024, with a significant increase on December 8. The attacks involve writing malicious files into the 'autorun' directory, where they are processed automatically, executing PowerShell commands and downloading additional payloads. At least ten organizations have been impacted, with 390 potentially vulnerable servers identified globally. Users are advised to take immediate mitigation steps, including moving exposed systems behind firewalls and disabling the autorun feature.

OPENCTI LABELS :

rce,zero-day,data theft,termite,cleo,lexicom,cve-2024-50623,vltrader,cleo harmony

