Today, Cleo released patches to block the ongoing attacks and strongly urged customers to upgrade Harmony, VLTrader, and LexiCom instances to version 5.8.0.24 as soon as possible. The upgrade addresses the attack vectors identified so far and hardens Internet-exposed servers that are currently being targeted in breach attempts.
Cleo also advises customers who cannot upgrade immediately to disable the Autorun feature by opening System Options and clearing out the Autorun directory. This does not block incoming attacks, but it reduces the attack surface until the upgrade can be applied.
A critical vulnerability (CVE-2024-50623) in Cleo's file transfer software products is being actively exploited by threat actors, even on systems with the latest patches. The vulnerability affects Cleo Harmony, VLTrader, and LexiCom products up to version 5.8.0.24, allowing unauthenticated remote code execution through unrestricted file upload and download capabilities. Despite Cleo releasing a patch in October 2024, security researchers at Huntress have confirmed that the patch does not fully mitigate the vulnerability.
At least 10 businesses have been confirmed compromised, with exploitation evidence dating back to December 3, 2024.
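The two defensive actions above (upgrade to 5.8.0.24, and clear the Autorun directory in the meantime) are easy to lose track of across a fleet of Harmony, VLTrader, and LexiCom installs. The following audit helper is an added example, not Cleo's code and not part of the original advisory. It compares a reported version string numerically against the fixed version and lists whatever is still sitting in an install's Autorun directory. It assumes the Autorun files live in an `autorun` subdirectory under the install root and that you already know the installed version (from the product's About dialog or your inventory tool); both are assumptions to verify against your own deployment, and the demo install tree it builds is constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Version the advisory tells Cleo customers to upgrade to.
FIXED_VERSION = (5, 8, 0, 24)

# Assumed: Cleo keeps its Autorun files in a subdirectory named "autorun"
# under the product install root. Verify the name against your own install.
AUTORUN_SUBDIR = "autorun"


def parse_version(text: str) -> tuple:
    """Turn '5.8.0.21' (or a looser string like 'VLTrader 5.8.0.21') into a
    4-tuple of ints so versions compare numerically, not lexically."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if not parts:
        raise ValueError(f"no version number found in {text!r}")
    # Pad short strings such as "5.8" so they compare sensibly.
    return tuple((parts + [0, 0, 0, 0])[:4])


def needs_upgrade(version_text: str) -> bool:
    """True when the installed version is below the advisory's fixed version."""
    return parse_version(version_text) < FIXED_VERSION


def autorun_leftovers(install_root) -> list:
    """Names of files still present in the Autorun directory. An empty list
    means the interim mitigation (clear the Autorun directory) is in place."""
    autorun_dir = Path(install_root) / AUTORUN_SUBDIR
    if not autorun_dir.is_dir():
        return []
    return sorted(p.name for p in autorun_dir.iterdir())


def audit(install_root, version_text: str) -> dict:
    """Combine both checks into one report for a single install."""
    leftovers = autorun_leftovers(install_root)
    return {
        "version": ".".join(str(n) for n in parse_version(version_text)),
        "needs_upgrade": needs_upgrade(version_text),
        "autorun_cleared": not leftovers,
        "autorun_leftovers": leftovers,
    }


def make_demo_install(root=None) -> Path:
    """Constructed sample install tree (not real Cleo data): an install root
    whose Autorun directory still holds two placeholder files."""
    root = Path(root) if root else Path(tempfile.mkdtemp(prefix="cleo-demo-"))
    autorun_dir = root / AUTORUN_SUBDIR
    autorun_dir.mkdir(parents=True, exist_ok=True)
    (autorun_dir / "sample-action-1.xml").write_text("<!-- constructed sample -->")
    (autorun_dir / "sample-action-2.xml").write_text("<!-- constructed sample -->")
    return root


if __name__ == "__main__":
    demo = make_demo_install()
    # Same install tree, two reported versions: one still needs the upgrade.
    for ver in ("5.8.0.21", "5.8.0.24"):
        print(ver, audit(demo, ver))
```

Run it with `python cleo_audit.py` to see the report for the constructed demo tree, or call `audit("/path/to/LexiCom", "5.8.0.21")` against a real install root. A report with `needs_upgrade` true and `autorun_cleared` false means neither the patch nor the interim workaround from the advisory is in place on that host.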