Widespread Exploitation of Cleo File Transfer Software
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Critical vulnerabilities in Cleo file transfer products, including VLTrader, Harmony, and LexiCom, are being actively exploited. Initially stemming from an insufficient patch for CVE-2024-50623, a new critical vulnerability (CVE-2024-55956) allows unauthenticated users to execute arbitrary commands. Exploitation has been confirmed in customer environments, with attackers dropping modular Java backdoors and conducting post-exploitation activities. Affected versions include those prior to 5.8.0.24. Immediate patching and removal from public internet access are recommended. Indicators of compromise and post-exploitation behavior have been observed, including enumeration commands, PowerShell usage, and attempts to clear Windows event logs.
OPENCTI LABELS :
cleo,cve-2024-55956